We’re about to set up some infrastructure which will move approximately 12000 domains from their current HTTP-only service to use HTTPS.
From what I can see on the rate limits page, there doesn’t seem to be any limit to us setting up certificates for the unique domains, such as example.com, example.co.uk, example.org.uk. But we also have some other domains which are subdomains of a provider, as we are a UK school provider. These are similar to the following: .enfield.sch.uk. So the top result in Google is for www.southgate.enfield.sch.uk, and we might also have the following domains, www.enfieldcs.enfield.sch.uk and www.bishopstopfords.enfield.sch.uk, for which we will also need to issue certificates.
Obviously we might then run into issues such as the number of distinct domains we’re issuing for if Let’s Encrypt considers .enfield.sch.uk to be the registered domain rather than the southgate.enfield.sch.uk domain. Also, we’ll be issuing something in the order of 4000 .co.uk domains, and I can’t see anything in the rate limit docs which might suggest that issuing 12000 unique domains would be an issue (from a single IP address, so long as they validate and we don’t exceed the 20/40 reqs/sec).
Can anyone weigh in if they know any different?
We’re going to put processes in place so that if a domain is removed from our system, it will be revoked and deleted, both in terms of the cert/key/pem and from the list of domains on our system.
Also, we’ll not be sending any requests to Let’s Encrypt until we have confirmed DNS resolves to our infrastructure’s IP address, which should mean that validation shouldn’t have reason to fail; at least not repeatedly…
Kind regards,
Richard
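
Added example, not part of the original post: a small Python sketch of how the registered-domain question above plays out under Public Suffix List style matching, counting certificates per registered domain for the hostnames the post mentions. The two rule sets are constructed to show both outcomes and are assumptions, not a copy of the real list; the function names are hypothetical.

```python
from collections import Counter

def registered_domain(host, suffix_rules):
    """Return the registered domain (public suffix plus one label) of host.

    suffix_rules uses Public Suffix List syntax: plain rules ("co.uk") and
    wildcard rules ("*.sch.uk"). Exception rules ("!...") are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    best = 1  # PSL default rule "*": the last label alone is a suffix
    for rule in suffix_rules:
        parts = rule.split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        # The longest matching rule wins; "*" matches any single label.
        if all(r == "*" or r == l for r, l in zip(parts, tail)):
            best = max(best, len(parts))
    if len(labels) <= best:
        return None  # the host is itself a public suffix
    return ".".join(labels[-(best + 1):])

def count_per_registered_domain(hosts, suffix_rules):
    """Count how many hostnames fall under each registered domain."""
    return Counter(registered_domain(h, suffix_rules) for h in hosts)

# Hostnames taken from the post.
HOSTS = [
    "www.southgate.enfield.sch.uk",
    "www.enfieldcs.enfield.sch.uk",
    "www.bishopstopfords.enfield.sch.uk",
    "www.example.co.uk",
    "example.org.uk",
]

# Constructed rule sets (assumptions): A treats only "sch.uk" as a suffix,
# B has a wildcard so every "<area>.sch.uk" is itself a suffix.
RULES_A = {"uk", "co.uk", "org.uk", "sch.uk"}
RULES_B = {"uk", "co.uk", "org.uk", "*.sch.uk"}

if __name__ == "__main__":
    for name, rules in (("A", RULES_A), ("B", RULES_B)):
        print(name, dict(count_per_registered_domain(HOSTS, rules)))
```

Running the same grouping over the full domain list against the current Public Suffix List shows which registered domains would accumulate many certificates before any request is sent.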