Subdomains letsencrypt limits quotas

smehboub · January 10, 2022, 12:43pm

Hello,

I have a root domain (for example example.com) and I would like delegate subdomains to friends (for example sub1.example.com and sub2.example.com to different NS).

Will the subdomains have their own letsencrypt limits quotas or will they be subject to the parent domain's letsencrypt limits quotas ?

Thanks in advance.

Rgs,

Osiris · January 10, 2022, 1:01pm

There are multiple rate limits which have different points to which they count their rate limit. See Rate Limits - Let's Encrypt for more info.

In your case your main limit is the Certificates per Registered Domain.

That said, if the subdomains are delegated to multiple different persons, it's probably a good idea to have your domain listed on the Public Suffix List, e.g., to avoid privacy-damaging "supercookies" being set for high-level domain name suffixes. See https://publicsuffix.org/ for more info. A side effect of having your domain on the PSL is that the calculation of the rate limit for Certificates per Registered Domain is now calculated for the subdomains. Note that this is a side effect and you cannot use the LE rate limits as an argument to include your domain on the PSL.

smehboub · January 10, 2022, 2:00pm

Hello Osiris,

Thank you for the feedback.

Do i must to add my root domain (In my previous example : example.com) to this file: list/public_suffix_list.dat at master · publicsuffix/list · GitHub ?

Subdomains too (In my previous example : sub1.example.com and sub2.example.com) ?

While respecting the process (pull request, etc ...), of course.

Thanks in advance.

Rgs,

Osiris · January 10, 2022, 3:26pm

Just your domain name. I'm assuming sub1 and sub2 would be separate users, right?

smehboub · January 10, 2022, 3:55pm

Yes, sub1 and sub2 are separate users.

A last question, please.

Once my root domain (In my previous example : example.com) added in the public suffix file , will the subdomains (sub1 and sub2) have their own letsencrypt limits quotas ?

Thanks in advance.

Rgs,

rg305 · January 10, 2022, 4:05pm

Yes.
sub1.example.com would be considered as its' own domain and would be subject to those limits.
[there are always limits]

smehboub · January 10, 2022, 9:48pm

I have the answers to all my questions.

Thank you very much Osiris and rg305

Rgs,

system · February 9, 2022, 9:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Limits in Public Suffixes List Help	4	1671	September 1, 2020
Please consider having "subdomain+domain" not be subject to the same 5/7-days rate limit Issuance Policy	6	4148	February 20, 2016
Rate limit cert per domain Issuance Policy	2	2625	January 21, 2016
Limits on separate SSL certificates for each subdomain Help	2	1265	September 24, 2017
How subdomains limit counts Help	8	2609	March 1, 2018

Subdomains letsencrypt limits quotas

Related topics