So my certificate have several different domains (around 30). I've beem migrating other domains to this same server daily, so each time a new domain is migrated, I have to reissue the certificate to add the new domain.
I am not sure if this counts as a renewal (with a rate limit of 5 per week) or if it counts as a new, different certificate, because I have added a new domain to the list. All I know it that "Certify the Web" is alerting me of possible rate limits each time I reissue the certificate.
If it counts as a renewal, I'll have to slow down and migrate 3 or 4 domains per week so I don't run into the limit. If it counts as a new certificate, I don't have to worry about it.
A certificate is only considered a renewal if it is a duplicate of an older certificate, meaning that it covers the exact same set of subject alternative names (SANs) as an older certificate. That's not the case here. One rate limit about which you need to be concerned in your case is 300 New Orders per account per 3 hours (too many new orders recently). Why acquire a compound certificate rather than just a simple certificate for each new domain name? The compound certificate will create extra overhead for your users and growing potential points of failure.
I started using Let's Encrypt with Certify The Web... I am not sure if you are familiar with the software, but it is very simple to just select the website and click request certificate (it automatically selects all domains on the website).
As a expert, do you recommend using a certifitace for each domain? I didn't think it would make a difference.
That's not entirely true. If I read it correctly, all previously issued domains are also included in the new domain.
So let us take as an example the domain example1.com and we'll continuously add more domains (e.g. example2.com, example3.com et c. with a new cert per added domain), but also include example1.com again. That will work fine until we add example51.com within a single week. Once we try to do that, example1.com would have been issued 50 certs! So the 51st cert would hit the max 50 certs per week per domain limit.
@Osiris is exactly correct. That's the primary reason you want to issue individual certificates. I don't know why I spaced this before. For some reason I thought the extra domain names would prevent the new certificate from counting against the 50. I'm very familiar with Certify the Web and its developer @webprofusion.
You got it right! Thank you for letting me know about this detail.
Well, I'm only adding more domains to the server once a day (during the night, when customers are not accessing the server), that means that existing domains will be issued at max 7 times a week, so that won't be a problem as long as 50 certs is the limit.
Be careful, if you add "domain1.com" and "www.domain1.com", then it counts as two entries (per domain) and 100 entries is consumed by only 50 domains (with "www").
I really would just add one certificate per domain unless you have a special reason not to. The disadvantages of bundling domains into one cert include (depending on the context):
your customers can see the domains of all your other customers in the certificates
if one domain fails to validate during renewal, the whole certificate order fails until you fix it.
the aforementioned 100 name limit in Let's Encrypt certificates.
The rate limit warning is there to make you think about what you're doing and do research if you are unsure (which you have done). You are free to ignore it if you are confident you are not affected.
