Using Let's Encrypt as a hosting company?

Hello everyone,
I am building a service similar to Shopify and Squarespace. Customers will point their domain to my IP address. What is the best way to add certificates for the domains added? Is Let’s Encrypt even the best option for this?
As the service will be new, I am not expecting a lot of sign-ups. From what I understood, I can add 300 domains per 3 hours, is that right?
How many domains can I add before my web server (ex. Nginx) has trouble keeping up?
Best Regards
Alex

1 Like

Hi @AlexTselikas

There is no global rule for how to do that. http-01 validation may be the best solution, check

You can add global redirects

http://customerdomain/.well-known/acme-challenge/random-filename

-> https://yourdomain/specialized-directory/random-filename

or

-> https://yourdomain/specialized-directory/customername-random-filename

to manage these challenges.

More important: What client? Sometimes your own solutions are the better option. You have a lot of local things - accounts, CSR, private keys, certificates, perhaps config files.

Yes, that's correct. Most limits are domain relevant, so if you have only one certificate per customer, the domain limits aren't a problem.

3 Likes

Hi @JuergenAuer,
Thanks for your response, I really appreciate it. I got confused at your last paragraph. You agree that the limit is 300 domains per 3 hours, but then you say that if I only have 1 certificate per customer (which I will) then the domain limits are not a problem. What do you mean by that? Unless you mean that it’s unlikely that I will reach 300 domains per 3 hours, which is true since you can just shard the requests for the next 3 hours.
Best Regards.
Alex

1 Like

There are three relevant limits (with a lot of topics):

  • max. 50 certificates per domain. That's critical for large organizations (universities ...) or big companies which want to switch to Let's Encrypt certificates. But that's not your situation.
  • 5 identical certificates with the same set of domain names. That's an error that shouldn't happen. Good working configuration -> this limit isn't relevant.
  • Failed Validation limit of 5 failures per account, per hostname, per hour. Same - working configuration -> that should never happen. To develop your own client, use the stage system.

All other limits are rare. You may hit the IP-based limit. But if a customer starts new (and if you don't have more than 300 new users in 3 hours), there should be enough time to create the first certificate.

Renew - start early enough, then the 300 orders / IP / 3 hours shouldn't be a problem.

100 renews per hour -> 2400 per day -> 144.000 certificates and clients per 60 days.

3 Likes
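
The renewal arithmetic from the reply above (300 orders per IP per 3 hours, start renewing early), worked through as a scheduler. This is an added example, not code from the thread or from any ACME client; the 30-day renewal lead, the `reserve` headroom kept free for new customers' first certificates, and the name `plan_orders` are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)        # from the thread: 300 orders / IP / 3 hours
LIMIT = 300
RENEW_BEFORE = timedelta(days=30)  # assumption: begin renewal 30 days before expiry


def plan_orders(certs, now, reserve=50):
    """Plan renewal times for certs, a list of (domain, not_after) pairs.

    Returns [(when, domain), ...] such that no 3-hour sliding window holds
    more than LIMIT - reserve orders. `reserve` slots per window stay free
    for first-time issuance to new customers (hypothetical parameter).
    """
    budget = LIMIT - reserve
    recent = deque()   # planned order times still inside the current window
    cursor = now       # plan times never move backwards
    plan = []
    for domain, not_after in sorted(certs, key=lambda c: c[1]):  # soonest expiry first
        when = max(cursor, not_after - RENEW_BEFORE)
        # Forget orders that are a full window old at time `when`.
        while recent and recent[0] <= when - WINDOW:
            recent.popleft()
        if len(recent) >= budget:
            # Window is full: wait until the oldest order in it ages out.
            when = recent[0] + WINDOW
            while recent and recent[0] <= when - WINDOW:
                recent.popleft()
        if when >= not_after:
            raise RuntimeError(f"{domain} expires before a slot is free")
        recent.append(when)
        plan.append((when, domain))
        cursor = when
    return plan


if __name__ == "__main__":
    # Constructed sample: 1000 customer domains whose certificates all expire together.
    start = datetime(2024, 1, 1)
    sample = [(f"shop{i}.example", start + timedelta(days=30)) for i in range(1000)]
    batches = {}
    for when, _ in plan_orders(sample, start):
        batches[when] = batches.get(when, 0) + 1
    for when, count in sorted(batches.items()):
        print(when.isoformat(), count)
```

The scheduler only decides when each order is placed; the ACME client still performs the issuance and should be tested against the staging environment first.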

Got it! Thanks for your explanation.
Excellent.

2 Likes

Hi @AlexTselikas,

A page with some other documentation aimed at people in your situation is

You may want to have a look at this too; I think the information there will mostly be relevant to your integration plans.

1 Like
