Stupid one first - it has been asked a million times, but because I am stupid I still fail to understand it. So the limit is 20 per week.
I just don’t understand: if I have 21 different domains like a.com, b.com, c.com etc… will I hit the limit, or is the 20 limit for subdomains, and can I issue as many different domains as I want?
Because at the moment I have ~10 different domains that are issued on the same day (I just want to prevent myself from hitting the limit some day and forget about it).
Normal question.
My domains have a domain and 1 subdomain. I am just curious which is better for me and for the Let's Encrypt servers: should I issue the 2 certificates separately, like example.com + admin.example.com, or should I issue a wildcard for example.com, which I think works for both example.com and admin.example.com?
It kind of depends on exactly what you do. The limit is per-certificate and per-domain. You can issue certificates for as many different domains as you want. If you have a million domains, and you got two certificates like:
example.com, www.example.com
example.net, www.example.net
That would count as 1 for example.com and 1 for example.net. You could issue 19 more certificates for each of those domains, and another 19,999,960 certificates total for your other 999,998 domains. (In theory, at least.)
That also counts as 1 for example.com and 1 for example.net.
One certificate can include up to 100 names, but if you're adding and removing (sub)domains frequently, you can eat up the rate limits for every domain in the certificate.
If you're adding and removing (sub)domains dozens of times a week, it would be prudent to put the busy domains in separate certificates.
But it's fine to have 21 different domains.
What about 1 certificate for example.com + admin.example.com?
Wildcards only apply to one level. A certificate for *.example.com covers admin.example.com but not example.com or abc.def.example.com. If you used wildcards, you'd still have to include both example.com and *.example.com if you want https://example.com/ to work.
I don't really recommend using wildcards if you don't have to. DNS validation isn't convenient in every environment, and the risks can be higher if one of your private keys gets compromised.
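The counting rule and the one-level wildcard rule from the answers above, as an added example that is not part of the original posts. The function names are hypothetical, the sample data is constructed, and taking the last two labels as the registered domain is a simplifying assumption (real accounting uses the Public Suffix List).

```python
from collections import Counter

WEEKLY_LIMIT = 20  # per-domain weekly figure quoted in the thread


def registered_domain(name):
    """Assumption: the registered domain is the last two labels.
    Names under multi-label suffixes (example.co.uk) need the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return ".".join(labels[-2:])


def weekly_usage(certificates):
    """Each certificate counts once toward every registered domain it names."""
    usage = Counter()
    for names in certificates:
        # A set, so example.com + www.example.com in one certificate count once.
        usage.update({registered_domain(n) for n in names})
    return usage


def covers(san, host):
    """True if one certificate name (exact or wildcard) matches host."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    # A wildcard stands for exactly one label, never zero and never two.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def uncovered(sans, hosts):
    """Hosts that no name in the certificate matches."""
    return [h for h in hosts if not any(covers(s, h) for s in sans)]


if __name__ == "__main__":
    # Constructed sample: the two certificates from the answer, issued in one week.
    certs = [["example.com", "www.example.com"], ["example.net", "www.example.net"]]
    for domain, used in weekly_usage(certs).items():
        print(domain, used, "used,", WEEKLY_LIMIT - used, "left")
    hosts = ["example.com", "admin.example.com", "abc.def.example.com"]
    print(uncovered(["*.example.com"], hosts))
    print(uncovered(["example.com", "*.example.com"], hosts))
```

Running `uncovered` against the names you plan to request shows, before issuance, which hostnames would fail certificate validation in a browser.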