Maximum certificate for sub domains?

Is there a maximum number of subdomains that can be certified by Let’s Encrypt? Can I create certificates for more than 100 subdomains?

Thank you :slight_smile:

You can’t put more than 100 entries into a single cert.
You can use multiple certs.

There are “limits” that must be adhered to.
As an example: You won’t be able to issue certs for 25K domains in a single day.
Even breaking 25K entries by 100 per each cert, that’s still 250 certs.

2 Likes

So, I can only use 100 subdomains per domain?

And should I use another domain?

The 100 entries can be from different domains or from the same domain.
If you have 753 subdomains you will need (at least) 8 certs to cover all of them.
[presuming you don’t use FQDN and www.FQDN - if you do, then double that number]

From: https://letsencrypt.org/docs/rate-limits/

…you can issue certificates containing up to 5,000 unique subdomains per week.

1 Like

I still didn't get it. Is the limit of 100 entries for a domain or an IP?

By the way, I'm using aaPanel, which has a feature to generate Let's Encrypt certificates automatically.

For example, I have the domain mydomain.com and I want to create sub1.mydomain.com to sub150.mydomain.com. Is that possible? Or do I need to create sub1.mydomain.com to sub100.mydomain.com and then add a new domain (e.g. mydomain2.com), so that I have to create another 50 certificates for the new subdomains of mydomain2.com?

The limits (as you explain them) seem to be within aaPanel.
The limit is 100 entries per cert.
How the panel organizes that is controlled by the panel.

Not on one cert.

You need to have another panel entry - if that requires another domain that requirement is imposed by the panel.
LE doesn't impose such a restriction.
You could have:
sub1 to 100 on one cert
sub101 to 200 on another cert
sub201 to 300 on another cert

sub4901 to 5000 on another cert.
All from the same domain.

1 Like

Oh, it depends on how aaPanel manages the LE certificate then.

Okay, thanks for the explanation :wink:

If you have a lot of subdomains, you might be better off with a wildcard certificate, which is valid for all subdomains of a given private domain.

2 Likes

Is a wildcard certificate limited by the 100-entry limit per certificate from Let’s Encrypt?

I’m not sure what your question is.
The limit is “100 certificate subject alternate names” entries. As such, one wildcard is only one entry. For example, look at the certificate on https://pages.github.com/ and the names. As you see, there are only 7 names, but one of them is *.github.io, so GitHub can use this certificate on all GitHub Pages domains and there are thousands of those.

2 Likes

Okay, thanks for your explanation. I’ll try the wildcard. :slight_smile:
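
The arithmetic from the answers above, as an added example (not code from Let's Encrypt, aaPanel or any poster in this thread): it splits a host list into certificates of at most 100 names and shows how one wildcard entry replaces every single-label subdomain. The function names and the sample host lists are constructed for illustration; a wildcard is assumed to match exactly one label, so the bare domain and deeper names remain separate entries.

```python
# Added example: plan certificates under the 100-names-per-certificate limit.
MAX_NAMES_PER_CERT = 100  # limit stated in the thread


def covered_by_wildcard(host: str, base: str) -> bool:
    """True if host is matched by *.base (exactly one extra label)."""
    suffix = "." + base
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return label != "" and "." not in label


def plan_certs(hosts, wildcard_base=None, limit=MAX_NAMES_PER_CERT):
    """Return a list of certificates, each a list of at most `limit` names."""
    names = sorted({h.lower().rstrip(".") for h in hosts})
    if wildcard_base:
        base = wildcard_base.lower()
        rest = [h for h in names if not covered_by_wildcard(h, base)]
        if len(rest) < len(names):  # the wildcard replaces at least one name
            names = ["*." + base] + rest
    return [names[i:i + limit] for i in range(0, len(names), limit)]


# Constructed sample input, using the hostnames from the question above.
SUBS_150 = [f"sub{i}.mydomain.com" for i in range(1, 151)]
SUBS_753 = [f"sub{i}.mydomain.com" for i in range(1, 754)]

if __name__ == "__main__":
    cases = [
        ("150 names, no wildcard", SUBS_150, None),
        ("753 names, no wildcard", SUBS_753, None),
        ("753 names plus www. variants",
         SUBS_753 + ["www." + h for h in SUBS_753], None),
        ("753 names, apex and a deeper name, wildcard",
         SUBS_753 + ["mydomain.com", "a.b.mydomain.com"], "mydomain.com"),
    ]
    for label, hosts, wildcard in cases:
        certs = plan_certs(hosts, wildcard)
        print(f"{label}: {len(certs)} cert(s), sizes {[len(c) for c in certs]}")
```
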
