I’m not using my real owned domain since it has no bearing on these questions. The basis of my questions are rate limits.
We are in the design phase of a project to use Let’s Encrypt and wanted to understand rate limit adjustments a bit better.
I have the registered domain
mycompany.com. Certificates issued to this domain and other subdomains on it are not issued by Let’s Encrypt. Let’s Encrypt certificate requests will only originate from the subdomain
hotels.mycompany.com, many certificates will be issued on this domain, enough to warrant a rate increase.
I have a few hopefully quick questions to clarify using the purposed scenario. The rate limit request form states the following.
You can also adjust by domain, but you may only request an adjustment for up to three domains. Subsequent requests for more per-domain adjustments are not likely to be granted. This is why we recommend adjusting by account ID - then the adjustment applies to all domains used by your account.
When it just says domain, does it mean registered domain? Could I request a rate limit increase for the subdomain
hotels.mycompany.comor would that be denied?
If one can request increases for subdomains could you also request a rate increase for
- In the same request?
- In a different request?
subsequent requests for more per-domain adjustments are not likely to be granted. How does the process define who is doing the request? Is it just by the email or company or something more complex like the domain names being requested or domain of the email used?
Later on in the request form:
What is the largest number of new certificates under a single registered domain you will need in a single week, ignoring renewals?
If you request an increase on two domains is the number you provide here applied to both domains?
Does Let’s Encrypt publish what domains have rate limit increases? I assume not, since I couldn’t find it but wanted to check with a wider audience than my own google skills.
Reasonable questions to ask me.
- Why don’t you just buy another domain? We may do that. We have our current registered domain trusted in code in a few places we’d rather not modify. Plus we aren’t in love with some of the new domain options available to us that are relevant.
- Why don’t you just get a rate increase by account ID? Probably will. I’d like to understand the limitations of requesting a rate increase by DNS names. We really only need it for the subdomain.