Renewals eats certification limit


#1

I just saw this Clarification of rate limiting in Documentation / Rate Limits, which would ruin my original plan which was:

  • 1 account
  • Collect new sites and get a certificate for said collection every 2 hours in office hours.

So now I’m thinking about doing it like this and wanted to know if that is ok:

  • One account for renewals
  • X account for new certificates

Is this ok? From your rate-limit doc you have creation of up to 500 accounts pr 3 hours, which is why I’m suggesting this solution. Or is there something I’m missing?


#2

The rate limits per domain are not coupled to an account. So if you hit, for example, the “Certificates per Registered Domain” rate limit on account X, you still would get the error if you switched to account Y.


#3

I thought example.org, … , example20.org on account 1 and then do example21.org, …, example40 on account 2 would work? Is the rate limit pr IP?


#4

example.org and example20.org are different registered domains, so not subject to the “rate limit per domain”

does https://letsencrypt.org/docs/rate-limits/ clarify things ?

IF you could explain a little more what you are trying to do ( and if these are completely independent domains, or subdomains and roughly how many you expect per hour or in total) then we’ll suggest a solution that can hopefully work for you.


#5

Maybe I’ve misunderstood something. I thought any domain would be subject to “Certificates per Registered Domain” rule. We have many domains as in example.org through example.com. They will usually have www. and/or maybe shop. So usually a main domain and subdomain thats either www or shop.

But basically I’ve misunderstood and I’ll be able to get certificates for examples.org through examples100.org as long as I watch the “Overall Requests”. If thats the case the job suddenly got alot easier :slight_smile:


#6

If you only have a few subdomains, chances of hitting a rate limit are pretty slim :slight_smile: The most restrictive rate limit (Certificates per Registered Domain) only counts actual domains, not subdomains.


#7

Ok, so to take an example.
example.org takes 1 certificate on "Certificates per Registered Domain"
shop.example.org takes 1 certificate on "Certificates per Registered Domain"
www.example.org takes 1 certificate on "Certificates per Registered Domain"
Leaving example.org with 17 “Certificates per Registered Domain” left for domain example.org (could technically put all on the same cert, but for sake of argument).
Then I could do the same for example2.com and I would have 17 certificates left for example2.com, correct?


#8

Correct.  


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.