Ordering certificates across multiple servers

My domain is: moriarty.naughtysysadmins.com

I ran this command: NA

It produced this output: NA

My web server is (include version): NA (using DNS auth, and don’t have a web server installed yet)

The operating system my web server runs on is (include version): Debian Buster

My hosting provider, if applicable, is: NA

I can log in to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Dehydrated version: 0.6.2

Hello! I don’t have an issue with ordering certificates. This is more a question about best practices. I have a cluster of personal servers I’m managing, and will set up each of them to order certificates using DNS authentication. Should each server register a new account with LetsEncrypt, or should I be using one “master” account? If the latter is a better practice, what data do I need to be sharing across servers so they all have the same account?

Letting each server register its own account is common and okay.

To quote the rate limiting documentation:

You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers.

If you have a reason to use one account – like rate limit exemptions, or hundreds of servers – then do so. If you don’t, do whatever is most convenient. 🙂

For Dehydrated, I don’t know! 😬 For most ACME clients, you should copy a couple config files.


Great to know. Thanks! This won’t grow to very many servers (I’d be surprised if it ever got to be more than 10), so I’ll just stick with a unique account for each server then.
