Renewals eats certification limit

plitter · February 13, 2017, 2:23pm

I just saw this Clarification of rate limiting in Documentation / Rate Limits, which would ruin my original plan which was:

1 account
Collect new sites and get a certificate for said collection every 2 hours in office hours.

So now I’m thinking about doing it like this and wanted to know if that is ok:

One account for renewals
X account for new certificates

Is this ok? From your rate-limit doc you have creation of up to 500 accounts pr 3 hours, which is why I’m suggesting this solution. Or is there something I’m missing?

Osiris · February 13, 2017, 2:45pm

The rate limits per domain are not coupled to an account. So if you hit, for example, the “Certificates per Registered Domain” rate limit on account X, you still would get the error if you switched to account Y.

plitter · February 13, 2017, 2:49pm

I thought example.org, … , example20.org on account 1 and then do example21.org, …, example40 on account 2 would work? Is the rate limit pr IP?

serverco · February 13, 2017, 3:43pm

example.org and example20.org are different registered domains, so not subject to the “rate limit per domain”

does https://letsencrypt.org/docs/rate-limits/ clarify things ?

IF you could explain a little more what you are trying to do ( and if these are completely independent domains, or subdomains and roughly how many you expect per hour or in total) then we’ll suggest a solution that can hopefully work for you.

plitter · February 13, 2017, 5:37pm

Maybe I’ve misunderstood something. I thought any domain would be subject to “Certificates per Registered Domain” rule. We have many domains as in example.org through example.com. They will usually have www. and/or maybe shop. So usually a main domain and subdomain thats either www or shop.

But basically I’ve misunderstood and I’ll be able to get certificates for examples.org through examples100.org as long as I watch the “Overall Requests”. If thats the case the job suddenly got alot easier

Osiris · February 13, 2017, 5:41pm

If you only have a few subdomains, chances of hitting a rate limit are pretty slim The most restrictive rate limit (Certificates per Registered Domain) only counts actual domains, not subdomains.

plitter · February 13, 2017, 7:33pm

Ok, so to take an example.
example.org takes 1 certificate on "Certificates per Registered Domain"
shop.example.org takes 1 certificate on "Certificates per Registered Domain"
www.example.org takes 1 certificate on "Certificates per Registered Domain"
Leaving example.org with 17 “Certificates per Registered Domain” left for domain example.org (could technically put all on the same cert, but for sake of argument).
Then I could do the same for example2.com and I would have 17 certificates left for example2.com, correct?

Osiris · February 13, 2017, 8:39pm

Correct.

system · March 15, 2017, 8:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Clarifications about rate limit and renewals Issuance Policy	5	1279	March 18, 2020
Need a clarification about one of the rate limits Help	6	555	April 30, 2022
Clarification on rate limits Issuance Policy	10	1906	July 24, 2017
Clarification regarding the sub-domains rate limit Help	3	417	July 18, 2022
Rate Limits & Renewals Issuance Policy	5	2695	March 18, 2017

Renewals eats certification limit

Related topics