Maximum add-on domain limit under single domain

Hello,
I am running a SaaS application in which users can connect their own custom domain to a specific page of my application. I am using the ServerAvatar panel for managing the server. They allow unlimited add-on domains, but I have some confusion about Let's Encrypt SSL.
So, I want to know the maximum number of SSL certificates that can be issued for add-on domains under the main domain.
As mentioned in the Let's Encrypt rate limits documentation,

Up to 50 certificates can be issued per registered domain (or IPv4 address, or IPv6 /64 range) every 7 days. This is a global limit, and all new order requests, regardless of which account submits them, count towards this limit. The ability to issue new certificates for the same registered domain refills at a rate of 1 certificate every 202 minutes.

Is the limit of 50 certificates per registered domain every 7 days reset after 7 days for more domains? That is, if I add 50 add-on domains this week, can I add more domains next week?

How will SSL renew if I add 200 add-on domains, as SSL renews together for all domains?

Please advise how this can be done, or provide any suggestions for my requirements.

Thanks in advance.

1 Like

Are these "custom domains" subdomains of the one your SaaS application uses, or are they within your users' domains and which they're pointing to your IP addresses?

As an example, Okta and Salesforce both give out customer-specific domains such as example.okta.com or my-name-here.my-salesforce-sites.com. Are you doing that, or saas.example.com and saas.some-other-company.net (where example.com and some-other-company.net aren't your domains)?

I mention Okta and Salesforce specifically because they're two examples that use wildcard certificates -- so the certificate is issued to *.okta.com or *.my-salesforce-sites.com. Two good things about that approach are that you don't need to request a new certificate every time you set up a new customer, and you can have wildcard DNS entries as well, so you don't need to modify DNS every time either.

Wildcard certs aren't always the best solution, and you will need to have control over your own DNS to get them, because they need to use DNS-01 challenges, but I'd suggest they are probably what you need, and certainly worth looking at.

3 Likes

Yes, all the unique domains (add-on domains, like domain1.com, domain2.com, domain3.com) are pointing to my server IP. The SSL certificate is the same for all the add-on domains.
So, how many domains can I add to the same certificate? There is no option in the panel for a separate certificate for each add-on domain.

1 Like

You can have a maximum of 100 DNS names in your certificate, see Profiles - Let's Encrypt for more information.

3 Likes

Worth adding that if one of your customers changes their DNS config, your certificate will fail to validate. The best practice is one cert per domain.

2 Likes
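
An added example, not part of any post in this thread: a pre-order check for the setup discussed above that sets aside customer domains no longer pointing at the server and groups the rest into certificate orders of at most 100 names. The function names, the domain names and the IP addresses are constructed for illustration; a local DNS lookup is only a pre-check, since the CA validates from its own vantage points.

```python
import socket

MAX_NAMES_PER_CERT = 100  # per-certificate DNS name limit quoted in the thread


def resolve_ipv4(name):
    """Return the IPv4 addresses a name resolves to right now (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def plan_orders(domains, server_ips, resolver=resolve_ipv4, per_cert=MAX_NAMES_PER_CERT):
    """Return (batches, stale).

    batches: lists of names, each list small enough for one certificate order.
    stale:   names that no longer resolve to any of server_ips; including one
             of these in a shared certificate would make the whole order fail.
    per_cert=1 gives one certificate per domain.
    """
    if not 1 <= per_cert <= MAX_NAMES_PER_CERT:
        raise ValueError("per_cert must be between 1 and %d" % MAX_NAMES_PER_CERT)
    seen, ready, stale = set(), [], []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")  # normalise before de-duplicating
        if not name or name in seen:
            continue
        seen.add(name)
        (ready if resolver(name) & set(server_ips) else stale).append(name)
    batches = [ready[i:i + per_cert] for i in range(0, len(ready), per_cert)]
    return batches, stale


if __name__ == "__main__":
    # Constructed sample: 200 customer domains, one of which has moved away.
    sample_dns = {"customer%d.example" % i: {"203.0.113.10"} for i in range(199)}
    sample_dns["moved-away.example"] = {"198.51.100.7"}
    batches, stale = plan_orders(
        sample_dns, {"203.0.113.10"}, resolver=lambda n: sample_dns.get(n, set())
    )
    print("orders:", [len(b) for b in batches], "set aside:", stale)
```

Run before every issuance and renewal, the `stale` list tells you which customers to contact or drop before a single changed DNS record blocks the certificate for everyone else in the batch.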
