Yes, in that case there should be no problem with the rate limits.
You can also choose to combine them this way, but it isn’t required. You can combine up to 100 names into one certificate.
One thing that other hosting providers have found challenging in your situation is that a customer can choose to stop pointing its domain at your service, for example
- because the customer stopped using your service without telling you
- because the customer’s nameservers broke
- because the customer’s domain expired
- because the customer sold the domain name to somebody else
In that case, you can no longer renew the certificate because you can no longer complete the proof of domain control process. But you wouldn’t have any reason to anticipate this!
For some hosting providers, this is an argument in favor of not combining the names into a single large certificate, because if you try to renew using the built-in renew feature in a tool like Certbot, you have a high probability that the renewal fails for a reason that’s outside of your control. (Certbot in particular does have an option called `--allow-subset-of-names`, which will continue with the renewal process even if some names failed to renew, but this is kind of dangerous because it has no way to distinguish between temporary and permanent failures, and no way to try to re-add failed names in the future.) The most annoying thing about this is that it’s a way that one customer can affect the reliability of the service that you provide to other customers!
In any case, you probably want to build some kind of monitoring tool to check frequently whether names appear to still be correctly pointed at your service, so that you won’t try to renew names that are likely to fail, or so that you can contact those customers to ask them to solve the problem, or temporarily deactivate their service, or whatever course of action you prefer.
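A sketch of the kind of monitoring check described above, added here as an example and not part of the original post or of Certbot. It assumes your service answers on a fixed set of front-end addresses (`SERVICE_IPS`, documentation ranges here); the function names, the `CONTACT_AFTER` threshold and the sample domains are hypothetical.

```python
import socket

# Assumed: the addresses your front ends answer on (documentation ranges used here).
SERVICE_IPS = {"203.0.113.10", "2001:db8::10"}
CONTACT_AFTER = 3  # assumed policy: consecutive bad checks before contacting the customer

def system_resolver(name):
    """Resolve name with the system resolver; raises socket.gaierror on failure."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_name(name, resolver=system_resolver):
    """Classify where a customer name currently points."""
    try:
        addrs = set(resolver(name))
    except socket.gaierror as exc:
        # EAI_AGAIN means the resolver reported a temporary failure; other codes mean no usable answer.
        return "dns_temporary" if exc.errno == socket.EAI_AGAIN else "dns_failed"
    if addrs and addrs <= SERVICE_IPS:
        return "ok"
    # Any address outside the service can receive the CA's validation request.
    return "partial" if addrs & SERVICE_IPS else "elsewhere"

def plan_renewal(names, bad_streak, resolver=system_resolver):
    """Split names into those safe to renew now, those to retry, and those to escalate.

    bad_streak maps name -> consecutive failed checks and is updated in place, so
    a single bad lookup defers a name without dropping it permanently.
    """
    plan = {"renew": [], "retry": {}, "contact": {}}
    for name in names:
        status = check_name(name, resolver)
        if status == "ok":
            bad_streak[name] = 0
            plan["renew"].append(name)
            continue
        bad_streak[name] = bad_streak.get(name, 0) + 1
        bucket = "contact" if bad_streak[name] >= CONTACT_AFTER else "retry"
        plan[bucket][name] = status
    return plan

if __name__ == "__main__":
    # Constructed sample data: a fake resolver so the example runs offline.
    answers = {"shop.example": {"203.0.113.10"}, "moved.example": {"198.51.100.7"}}
    def fake(name):
        if name not in answers:
            raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
        return answers[name]
    print(plan_renewal(["shop.example", "moved.example", "expired.example"], {}, fake))
```

Only the `renew` list would be passed to the ACME client; names in `retry` are re-checked on the next run and rejoin the list as soon as they resolve to the service again.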