Rate Limit for extending SAN

Nope. it’s *.project.employee.company.com, one per combination of employee and project name. If only certs could be issued to *.*.company.com.

Real world example:

  • Users Stephan and Marcus
  • Projects Coke, Amazon
  • Multiple host names per project

Results in:

And now there’s not 2 developers but 10, there’s not 2 projects but 50, and there’s not only USA and EMEA but up to 30 divisions per project.
That’s up to 15’000 domain names in the range of *.*.comany.com, distributed over 500 virtual machines on 10 laptops.

Of course they don’t all run at the same time but one after another. And this is the very reason I can’t simply put LE on all of them: I’d run into rate limits after three or four days.