Rate limits (and cert bot) - just checking if I understand them correctly :-)

Hi,

we are a SaaS-Webinar-Platform and want to allow our customers to use their own URLs for our registration page, webinar room etc. We need SSL certificates for each of them.
So, for example, a customer could use https://webinar.customer.com

Question 1: That makes '1 certificate per Registered Domain' in this case, right? So the 'Certificates per Registered Domain (50 per week)'-limit will not touch us, correct?

We assume to have like 1.000 customers using this feature over the next 2 years, with a maximum of 250 first-movers in the first week.

Question 2: That would make a maximum of '250 new orders in 1 week' - so the '300 new orders per 3 hours'-limit will not touch us, correct?

Question 3: As the certificates are valid for 90 days, there is basically no reason (except for emergencies or whatever) to create a certificate more than once a week (or even a month) - so, the Duplicate Certificate rule will also not touch us, correct?

Final question #4 concerning Cert Bot: If I were right, Cert Bot would be a good tool for the auto-renewal of the certificates. Are there any further limits on using Cert Bot?

Thank you very much!

David

1 Like

Correct. If every customer has its own domain name, the certificate would count as 1 cert for that domain.

Correct. 250 is less than 300.

Frankly, there usually is not a single good reason to issue a duplicate certificate within the first 60 days after issuing a certificate to begin with. This is usually due to misconfigurations or users not understanding that testing should be done on the staging environment instead of the production environment.

That said, I'm not sure how exactly the duplicate certs are counted. Perhaps an RSA and ECDSA cert would count as a duplicate if the LE software only looks at the hostnames in the SAN, but I'm not sure.

Note that Let's Encrypt advises to renew only 60 days after issuing the certificate (i.e., with 90 days cert life time, within 30 days of expiry). So renewing once a week or even once per month would mean an EARLY renewal. Please only renew after 60 days of issuance.

This is a very broad question. Are there limits to Certbot? Probably, depending on what's important to you. Without specifics this question is hard to answer.

3 Likes

Thank you very much for your answer Osiris!

I think I can't narrow it down, but probably make it more tangible: Can I use Cert Bot to renew 1.000 certificates every 60 days, or has Cert Bot some limit like "only 100 per month"?

Thank you!
David

1 Like

No such hard limit exists. That said, Certbot is a Python program. I'm not an expert, but Python is not known to be the fastest nor does it probably have the smallest memory footprint. Although I believe Certbot should not have any difficulty managing 1000 certificates. Might be a different story if you're planning on using Certbot on a Raspberry Pi for example though.

Also, if you're gradually increasing the amount of certificates on your server, all the renewals would be spread out over time too. So there wouldn't be just one moment in time where all certificates renew at once, but once in a while one or a few certificates would be due for renewal and get renewed. This is also the reason why Certbot by default (depending on how you installed Certbot!) would be run twice a day. Usually doing nothing when it runs, but if a cert is due for renewal, it gets renewed as soon as possible.

4 Likes
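The spreading effect described in the reply above can be checked with a small simulation. This is an added example, not part of the thread and not Certbot code: the onboarding schedule is constructed, the limits and the 60-day and twice-daily figures are the ones quoted in the thread, and it assumes each renewal counts as one order.

```python
from datetime import datetime, timedelta

ORDER_LIMIT = 300                 # "300 new orders per 3 hours" (from the thread)
WINDOW = timedelta(hours=3)
RENEW_AFTER = timedelta(days=60)  # renew 60 days after issuance (from the thread)
RUN_EVERY = timedelta(hours=12)   # renewal job run twice a day (from the thread)
START = datetime(2024, 1, 1)      # constructed start date

def constructed_onboarding(start):
    """Constructed sample: 250 customers in week 1, 750 more over ~2 years."""
    first = [start + timedelta(minutes=40 * i) for i in range(250)]
    later = [start + timedelta(days=7, hours=23 * i) for i in range(750)]
    return first + later

def next_run(t, start):
    """First scheduled renewal run at or after time t."""
    runs = -((start - t) // RUN_EVERY)  # ceiling division on timedeltas
    return start + runs * RUN_EVERY

def simulate(issued_at, start, horizon):
    """Return the time of every order: first issuance plus each renewal."""
    events = list(issued_at)
    for issued in issued_at:
        due = next_run(issued + RENEW_AFTER, start)
        while due < horizon:
            events.append(due)
            due = next_run(due + RENEW_AFTER, start)
    return events

def peak_orders(events, window=WINDOW):
    """Largest number of orders inside any sliding window of the given length."""
    events = sorted(events)
    peak = lo = 0
    for hi, t in enumerate(events):
        while t - events[lo] >= window:  # drop orders older than the window
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak

if __name__ == "__main__":
    orders = simulate(constructed_onboarding(START), START, START + timedelta(days=730))
    print(f"{len(orders)} orders, peak {peak_orders(orders)} per 3 h, limit {ORDER_LIMIT}")
```

Replacing `constructed_onboarding` with real issuance timestamps shows whether a bulk import or migration would bunch renewals into a single run.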

Yes, they count as duplicates.

1 Like
