Maximum amount of certificates issued against a domain


#1

Hey there,

I am well aware that there is a rate limiting of 20 domains per week. However, There also appears to be a limit on the maximum amount of certificates that can be issued to a domain. Is there a way I can make a special request to have more than X amount of certificates issued against a domain?


#2

https://letsencrypt.org/docs/rate-limits/

There isn’t a particular limit on number of domains per week. If you have a truly enormous number of domains – like, millions – you may have trouble with the Pending Authorizations and Overall Requests per second limits, but it’s difficult for most users to issue that many certificates that quickly.

There’s a limit of 20 certificates per domain per week.

That’s discussed at the link at the top of this post:

If you are a large hosting provider or organization working on a Let’s Encrypt integration, we have a rate limiting form that can be used to request a higher rate limit. It takes a few weeks to process requests, so this form is not suitable if you just need to reset a rate limit faster than it resets on its own.

Note that most hosting providers don’t need rate limit increases, because there’s no limit on the number of distinct registered domains for which you can issue. So long as most of your customers don’t have more than 2,000 subdomains on a registered domain, you most likely do not need an increase. See our Integration Guide for more advice.

May i ask which limit(s) you’re running into, and why?


#3

Sorry, I re-read what I wrote and i see how what i wrote was very confusing.

I have a single domain. Under this domain I have many sub domains. For each sub domain I am trying to have a LE certificate issued to that sub domain. The reason I am doing this/using LE is because I have a windows app where installing a self signed certificate requires administrative privs but since the LE root CA is already accepted, users can install the application without having to grant it administrative privs.

I think I have 50 or so sub domains which have the LE certificate installed and everything is great. trying to install the LE certificate under the other servers I have is giving me this error:

There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: connectedover.com


#4

Can you issue certificates in batches, with each certificate covering a large number of names?

For example, you could get user1.example.com, user2.example.com, …, user99.example.com, user100.example.com all in one certificate.

Otherwise, you may need to apply for a rate limit increase, use a different design, or use a different CA… :slight_frown:


#5

Creating certificates with a bunch of SAN entries is definitely possible but a programming nightmare to manage on my end. It would be easier to register a few more domains such as example.com, example2.com etc and have the LE certificates issued under those. In a perfect world, strongswan would support wildcard certificates that I could use but unfortunately they don’t and probably won’t due to their own reasonings.

Would you happen to have a link for the rate limit increase? The URL I found seemed to be for people who are above the 500 certificate mark which I a not (yet). I can deal with with the limit of 20 per week but the upper limit on how many can be issued against a specific domain is what is killing me.


#6

As it turns out, I can use a single certificate across multiple servers and there is no need to have to have one certificate per server. Problem solved.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.