Request for Increased Rate Limits – High-Volume ACME Service for Multi-Tenant SaaS Platform

Help
1

Dear Let's Encrypt Team,

We are writing to formally request an increase in rate limits for our ACME account, as we operate a large-scale, automated certificate issuance service for our multi-tenant SaaS platform.

  1. Service Overview
  • Our platform provides HTTPS automation for thousands of independent customers.
  • Each customer uses their own registered domain (e.g., customer1.com, customer2.net, etc.), and we issue certificates for their subdomains (e.g., www.customer1.com, api.customer2.net).
  • We use DNS-01 challenge validation exclusively, and all domains are under our customers’ control via delegated DNS or API integration.
  1. Current & Projected Usage
  • Current scale: ~5,000 active registered domains
  • Projected weekly certificate issuance: ~8,000 certificates per week
  • Certificate structure: One certificate per customer, typically containing:
    • *.customer-domain.com
    • customer-domain.com
      (i.e., 2 names per certificate, well below the 100-SAN limit)

Without increased limits, we are constrained by the default policy of 50 certificates per registered domain per week, which is insufficient even for a single high-traffic customer during onboarding or recovery scenarios.

  1. ACME Account Information
    :white_check_mark: ACME Account URL (Production):
    https://acme-v02.api.letsencrypt.org/acme/acct/2970206786

:white_check_mark: Account Key Fingerprint (SHA-256):
Z6q1s1yNJ22Eq-w3Aon2wNs8QNrzg_KvTUTeZq15rlk

(Please replace with your actual fingerprint)

:magnifying_glass_tilted_left: You can generate the fingerprint using:

openssl rsa -in account.key -pubout -outform DER | openssl dgst -sha256 -binary | openssl base64
  1. Commitment to Compliance
  • We strictly adhere to the Let's Encrypt Subscriber Agreement.
  • Certificates are only issued for domains verified via DNS-01 under explicit customer authorization.
  • We implement robust deduplication and renewal logic to avoid unnecessary issuance.
  • We do not issue certificates for wildcards covering public suffixes (e.g., *.com).
  1. Contact Information

We greatly appreciate the free, open, and secure service Let's Encrypt provides to the internet community. This rate limit increase will enable us to continue delivering secure, automated HTTPS to our users at scale.

Thank you for your time and consideration.

Sincerely,
liqing
[Java development freelancer, e.g., Lead Developer / DevOps Engineer]
[SSL certificate application quickly]

4

This is not the correct place to make these requests.

Please see our documentation:

Also, next time you use an AI to make requests, consider filling out the details that the AI has generated, or else your request will not do anything for you.

9 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.