Want to increase rate limit


#1

Hello All,

I am building an online store and want to integrate Let’s Encrypt SSL for my client. I am expecting a large number of stores, around 1000 stores per week. However, I found there is a limit for generating SSL:
https://letsencrypt.org/docs/rate-limits/. Can anybody help me out with how I can increase this limit?

Thanks!
Parth


#2

Hi @parthrhce

All with the same domain? Or 1000 different domains?

If you need certificates for 1000 different domains, there is no problem.


#3

@JuergenAuer’s question is very important. If the customers are bringing their own domains, you won’t reach any limit because the limits apply separately to each domain.

If you create subdomains of your domain for each store, you would reach a limit if you issued an individual certificate for each one.

But you can also combine the subdomains into larger certificates. A Let’s Encrypt certificate can cover up to 100 names. That means you could issue only 10 certificates per week (each one covering 100 subdomains), and cover 1000 new subdomains per week. This isn’t a problem for the rate limits at all!

Combining domains into larger certificates is risky when you don’t control the domains (because if one of the certificates expired or the customer no longer pointed it to your server, you could no longer renew the certificate!), but it should be fine when they’re all subdomains of your own domain because you will always be able to renew even if a customer is no longer using a particular store.

It’s important to be aware that with the current rate limits, certificate renewals count against rate limits, but aren’t blocked by them. This means that you should schedule renewals after new certificate issuances during a given week. The renewals could prevent new issuances later in the week, but the new issuances can’t prevent renewals later in the week.

You should also take a look at


I hope this is helpful.


#4

@JuergenAuer Thanks for your support, dear. All the domain names are different and customers are bringing them.
Is there any limit from a specific IP for different domains? I have only one big server and all customers can apply from one single server, so is there any limit for a specific IP?

Thanks!
Parth


#5

You need to be careful when generating certificates in bulk about these limits:

  - Overall Requests limit of 20 per second
  - 300 Pending Authorizations
  - 300 New Orders (certificate requests) per account per 3 hours

To avoid these limits my advice would be to avoid parallelizing the creations, and you should add a little pause (one second for example) between the creation of each certificate.

Another limit per IP is the limit of accounts, but as you manage the certificates I’d advise you to create only one account.


#6

You should check how you want to design your application:

  1. Multi-threaded, so that every customer can start a certificate request (perhaps indirectly, by doing other things), so that there are spikes: a lot of certificates in a short time.

  2. If a user starts a certificate request, there is a central queue, which does the job.

(2) is the better solution. Then you can use your own protocol files (database entries or something else) and check that you don’t produce too many orders in one minute.
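
The central queue from post #6, combined with the pacing advice from post #5, as an added example (not code from any poster or from Let’s Encrypt). `OrderQueue` and its `issue` callable are hypothetical names; `issue` stands for whatever wraps your ACME client, and the defaults are the limits quoted in post #5.

```python
import collections
import time


class OrderQueue:
    """Single-worker queue (design 2 in post #6) that paces new orders."""

    def __init__(self, issue, clock=time.monotonic, sleep=time.sleep,
                 max_orders=300, window=3 * 3600,  # post #5: 300 new orders / 3 h
                 min_gap=1.0):                     # post #5: pause between orders
        self.issue = issue  # hypothetical callable(domain) wrapping your ACME client
        self.clock, self.sleep = clock, sleep
        self.max_orders, self.window, self.min_gap = max_orders, window, min_gap
        self.pending = collections.deque()  # domains waiting for a certificate
        self.queued = set()                 # avoids duplicate orders for one domain
        self.sent = collections.deque()     # timestamps of orders inside the window

    def submit(self, domain):
        """Called from any request handler; never contacts the CA itself."""
        domain = domain.strip().lower().rstrip(".")
        if not domain or domain in self.queued:
            return False
        self.queued.add(domain)
        self.pending.append(domain)
        return True

    def wait_time(self):
        """Seconds until the next order may be sent without breaking a limit."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()             # order has aged out of the window
        wait = self.sent[-1] + self.min_gap - now if self.sent else 0.0
        if len(self.sent) >= self.max_orders:
            wait = max(wait, self.sent[0] + self.window - now)
        return max(wait, 0.0)

    def run(self):
        """Drain the queue serially; failed orders still count as sent."""
        results = {}
        while self.pending:
            while (wait := self.wait_time()) > 0:
                self.sleep(wait)
            domain = self.pending.popleft()
            self.sent.append(self.clock())
            try:
                results[domain] = self.issue(domain)
            except Exception as exc:        # keep going; record the failure
                results[domain] = exc
            self.queued.discard(domain)
        return results
```

The injectable `clock` and `sleep` let you test the pacing without waiting; in production the worker would call `run()` in a loop or from a scheduler.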

