Would you guys consider altering the rate limits so that duplicate issuance for ECDSA vs. RSA doesn’t count twice?
Apache 2.4 allows hosting both an ECDSA and an RSA cert from the same vhost. This is a boon for ECDSA rollout since it alleviates the fear that a client may fail to do a proper SSL handshake for lack of ECDSA support.
Of course, people who use LE and who want to do this dual-certificate setup will effectively have their rate limits halved.
So, my proposal is that, within a given rate-limit period, the issuance of a cert that otherwise would count against the rate limit be permitted if it’s a request for the same cert that’s been issued using a different key.
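The counting rule proposed above, sketched as an added example; it is not part of the original post and not Let's Encrypt's implementation. The `IssuanceLimiter` class, the `limit` and `window` values, and the rule that only a charged certificate can exempt its other-key sibling are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Issuance:
    when: datetime
    names: frozenset
    key_alg: str      # "rsa" or "ecdsa"
    charged: bool     # False when the dual-key exemption applied


class IssuanceLimiter:
    """Hypothetical limiter; limit and window are constructed values."""

    def __init__(self, limit, window, dual_key_exempt=True):
        self.limit = limit
        self.window = window
        self.dual_key_exempt = dual_key_exempt
        self.log = []

    def request(self, names, key_alg, now):
        """Record the issuance and return True if the limit permits it."""
        names = frozenset(n.lower() for n in names)
        recent = [i for i in self.log if now - i.when < self.window]
        same = [i for i in recent if i.names == names]
        # Exempt only when a *charged* certificate for the same names exists
        # under another key algorithm and this algorithm is not yet issued.
        # Requiring a charged sibling stops two exempt certificates from
        # renewing each other for free once the charged one ages out.
        exempt = (
            self.dual_key_exempt
            and any(i.charged and i.key_alg != key_alg for i in same)
            and all(i.key_alg != key_alg for i in same)
        )
        charged_count = sum(1 for i in recent if i.charged)
        if not exempt and charged_count >= self.limit:
            return False
        self.log.append(Issuance(now, names, key_alg, charged=not exempt))
        return True


def hosts_covered(limiter, hosts, now):
    """Count hosts that obtain both an RSA and an ECDSA certificate."""
    return sum(
        1 for h in hosts
        if limiter.request([h], "rsa", now) and limiter.request([h], "ecdsa", now)
    )
```

With a constructed limit of 4, the plain counter covers two dual-certificate hosts and the exempting counter covers four, which is the halving the post describes.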