Performance Issue for more than 100 SAN on single certificate

Hello,

We are planning to issue 100 SANs with a single certificate. Would there be any performance issue? If yes, what would the implications be? What is the highest number of SANs that would be seamlessly supported with a single certificate?

Thanks in advance.

That depends on your server, but I think probably not (if there's only one cert existing in your system) and vHost numbers are low... (again, this totally depends on your server hardware and optimizations).

Let's Encrypt allows you to get a maximum of 100 SANs per certificate (that could be mixed wildcards and single domains).

Thank you

Hi @kantharia

there is another thread:

One certificate with 100 names, Certbot used. The creation needs one hour.

It does seem excessive.

I made Certbot issue a certificate for 100 names. It took 43 seconds. (I used certonly --webroot.)

Whatever’s causing the delay in that thread, it’s not universal.

(I also have a manual auth hook that would take like 2 hours to do the same thing.)

So I think the best answer is “try it” (!).

(Also remember that if any of the names stop pointing to your services in the future, automated renewal of the certificate will fail.)
