I am new at Let’s Encrypt and I read a lot about it. Now I saw the limitations of requesting certificates. This concept is implemented over the PSL. But now I have two questions:
Why are there such limitations? Is it to prevent DoS-attacks?
And the second one, .de is a suffix, too, right? So why is it possible to request for .de more than 20 certificates per week? For instance, a.de, b.de, c.de and so on. If I would request more than twenty certificates for ddns.net, the limit would be reached quickly.
Oh, you are right, I overread this, sorry. But then I don’t understand why it is not possible to register more than 20 .ddns.net-domains (DynDNS-Provider)?
A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar.
So a.ddns.net would be a registered domain? So I can only register twenty of *.a.ddns.net, is this right? Or is there a difference to a normal .de-domain?
There is a current limit of 20 Certificates per Registered Domain per week.
So “a.ddns.net” is a registered domain, hence there is a limit of 20 certs/week for subdomains of “a.ddns.net”.
Where “generic.de” is a registered domain, there is a limit of 20 certs/week for subdomains of “generic.de”.
There is no limit on domains “*.ddns.net”, as “a.ddns.net” is a different Registered Domain to “b.ddns.net” in the same way as myco.com is different to yourco.com.
My understanding on your other question is that you are writing a thesis on the topic. I’m not sure I want to write your thesis for you. If you research the question a little on these forums you will find the answer.
As @serverco (Thanks!) said it isn't about Denial of Service attacks.
We implemented rate limiting because (like any service!) we have a fixed capacity available to us and a large pool of users to share that capacity. Rate limits are there to make sure no one user is taking more than their fair share of our capacity for themselves. For Let's Encrypt our capacity is primarily a product of our Hardware Security Module (HSM)'s rate of signatures per second & the number of OCSP responses we need to keep updated (which itself is a product of the number of active certificates we've issued).
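Added example, not part of any post in this thread and not Let's Encrypt's own code: a sketch of how hostnames group into Registered Domains (public suffix plus one label) and how the 20-per-week limit from the thread applies per group. The suffix set is a constructed subset of the PSL, the function names are hypothetical, and it assumes one hostname per certificate and ignores the PSL's wildcard and exception rules.

```python
from collections import Counter

# Constructed subset of the Public Suffix List (assumption: only these rules exist).
PUBLIC_SUFFIXES = {"de", "com", "net", "ddns.net"}
WEEKLY_LIMIT = 20  # Certificates per Registered Domain per week, as stated in the thread


def registered_domain(hostname):
    """Return public suffix + one label, or None if the name is itself a suffix."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard name counts against its parent
        labels = labels[1:]
    # Scanning from the left finds the longest matching suffix first,
    # so "ddns.net" wins over "net" for x.a.ddns.net.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return None if i == 0 else ".".join(labels[i - 1:])
    return None                   # no known suffix in this subset


def weekly_usage(issued_hostnames, limit=WEEKLY_LIMIT):
    """Group one week's issuance requests; return (counts, domains over the limit)."""
    counts = Counter()
    for name in issued_hostnames:
        rd = registered_domain(name)
        if rd is not None:
            counts[rd] += 1
    return counts, {rd for rd, n in counts.items() if n > limit}


def constructed_week():
    """Constructed sample: 21 requests in each of three naming patterns."""
    same_dyn_host = [f"h{i}.a.ddns.net" for i in range(21)]   # all under a.ddns.net
    many_dyn_hosts = [f"u{i}.ddns.net" for i in range(21)]    # 21 distinct registered domains
    same_de_domain = [f"h{i}.generic.de" for i in range(21)]  # all under generic.de
    return same_dyn_host + many_dyn_hosts + same_de_domain


if __name__ == "__main__":
    counts, exceeded = weekly_usage(constructed_week())
    for rd in sorted(exceeded):
        print(f"{rd}: {counts[rd]} requests, limit {WEEKLY_LIMIT}")
```

Only a.ddns.net and generic.de exceed the limit; the 21 names directly under ddns.net each count as their own Registered Domain, which is the same reason a.de, b.de and c.de do not share a counter.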