Rate Limit using Certify the Web - Multiple Domains on a single Website


I've been using "Certify the Web" to issue Let's Encrypt certificates for my site.

I manage a e-mail server where each customer access using their own domain (webmail.domain1.com, webmail.domain2.com, webmail.domain3.com, etc)

So my certificate have several different domains (around 30). I've beem migrating other domains to this same server daily, so each time a new domain is migrated, I have to reissue the certificate to add the new domain.

I am not sure if this counts as a renewal (with a rate limit of 5 per week) or if it counts as a new, different certificate, because I have added a new domain to the list. All I know it that "Certify the Web" is alerting me of possible rate limits each time I reissue the certificate.

If it counts as a renewal, I'll have to slow down and migrate 3 or 4 domains per week so I don't run into the limit. If it counts as a new certificate, I don't have to worry about it.

Should I worry about the limit?

Best regards!


Welcome to the Let's Encrypt Community, Rafael :slightly_smiling_face:

A certificate is only considered a renewal if it is a duplicate of an older certificate, meaning that it covers the exact same set of subject alternative names (SANs) as an older certificate. That's not the case here. One rate limit about which you need to be concerned in your case is 300 New Orders per account per 3 hours (too many new orders recently). Why acquire a compound certificate rather than just a simple certificate for each new domain name? The compound certificate will create extra overhead for your users and growing potential points of failure.


Hi griffin

Thank you very much for you answer.

I started using Let's Encrypt with Certify The Web... I am not sure if you are familiar with the software, but it is very simple to just select the website and click request certificate (it automatically selects all domains on the website).

As a expert, do you recommend using a certifitace for each domain? I didn't think it would make a difference.



That's not entirely true. If I read it correctly, all previously issued domains are also included in the new domain.

So let us take as an example the domain example1.com and we'll continuously add more domains (e.g. example2.com, example3.com et c. with a new cert per added domain), but also include example1.com again. That will work fine until we add example51.com within a single week. Once we try to do that, example1.com would have been issued 50 certs! So the 51st cert would hit the max 50 certs per week per domain limit.


@Osiris is exactly correct. That's the primary reason you want to issue individual certificates. I don't know why I spaced this before. For some reason I thought the extra domain names would prevent the new certificate from counting against the 50. I'm very familiar with Certify the Web and its developer @webprofusion.


And, there is also a limit of 100 domain names per certificate so that may one day be a problem too.


You got it right! Thank you for letting me know about this detail.

Well, I'm only adding more domains to the server once a day (during the night, when customers are not accessing the server), that means that existing domains will be issued at max 7 times a week, so that won't be a problem as long as 50 certs is the limit.


I'll keep that limit in mind!

I currently have 38 domains and have 22 more to go. I'll have 60 domains in total, still a long way from 100.

Thank you all for the help!


Be careful, if you add "domain1.com" and "www.domain1.com", then it counts as two entries (per domain) and 100 entries is consumed by only 50 domains (with "www").


Thank you for the info!


I really would just add one certificate per domain unless you have a special reason not to. The disadvantages of bundling domains into one cert include (depending on the context):

  • your customers can see the domains of all your other customers in the certificates
  • if one domain fails to validate during renewal, the whole certificate order fails until you fix it.
  • the aforementioned 100 name limit in Let's Encrypt certificates.

The rate limit warning is there to make you think about what you're doing and do research if you are unsure (which you have done). You are free to ignore it if you are confident you are not affected.


I have no reason to have all domains on a single certificate. I've done it this way because it was easy and straightforward to configure it like that.

Considering the pros and cons, I'll follow you suggestion and split it into individual certificates.

Thank you!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.