Wildcard Certificate limit


#1

Hello,
I installed a wildcard certificate using the below tutorial.

If I understand the rate limit documentation correctly, I can only have 100 names per one wildcard certificate.
If the above is correct, I have 2 questions:

1) What is the difference between 100 Names per Certificate and 5,000 unique subdomains per week?

2) In my project I create an automatic sub-domain for each user, and daily I expect approximately 200 sub-domain requests. Is there any possible way to do it with a wildcard certificate?


#2

I think the 5,000 wording is a little confusing. There’s no such limit, it’s just a combination of:

  1. You can only fit 100 domains onto one certificate
  2. Each Registered Domain may only appear on 50 certificates per week.
  3. 100 * 50 = a theoretical maximum of 5,000 variations of (a.example.org, b.example.org, etc.) split across 50 certificates in groups of 100

But for example … if your project assigns customer domains like this:

  • customer-a.example.org
  • customer-b.example.org
  • customer-c.example.org

Then you only need a single certificate with a single domain (*.example.org).

If you use such a wildcard, then there is no limit on the number of subdomains it will cover and you can forget about rate limits.

If you can provide some extra info about how you assign customer domains and what they look like, that would be best.


#3

Hello,

And thank you for your kind response. If I understand correctly, the rate limit is for separate certificates for sub-domains as domains, and in the case of a single wildcard *.example.org certificate, all of my sub-domains (sub1.example.org, sub2.example.org, sub3.example.org, etc.) will be secured without limit under a single *.example.org certificate?

In reference to my setup, I have a rewrite rule which diverts example.org/dir to the dir.example.org subdomain, and a new dir is created for every registered user. I simply need to have the secure icon when a customer opens his https://dir.example.org domain.


#4

Hi @Boffice

Yes. You need one certificate with two domain names, *.example.com + example.com; that doesn’t hit a limit. Then it’s not relevant if you have 5 or 50.000 subdomains.

You can use a DNS wildcard and a vHost wildcard. The vHost uses the wildcard certificate.
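
Added example, not part of the original thread: a Python check of which hostnames a certificate's names cover, using the rule that a wildcard stands in for exactly one left-most label. It goes slightly beyond the posts by also testing a name two labels deep; the function names and hostnames are constructed for illustration.

```python
# Added example: which hostnames a certificate's names cover.
# Hostnames and name lists below are constructed sample data.

def san_covers(san: str, host: str) -> bool:
    """True if one certificate name (exact or wildcard) covers host."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    # A wildcard stands in for exactly one left-most label, so the rest of
    # the name must equal the host with its first label removed.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]


def uncovered(sans: list[str], hosts: list[str]) -> list[str]:
    """Hosts that no name on the certificate covers."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


# Constructed sample: per-user subdomains plus two edge cases.
HOSTS = (
    [f"user{i}.example.org" for i in range(1, 201)]  # 200 new users in a day
    + ["example.org",             # the bare domain
       "api.user1.example.org"]   # two labels below example.org
)

WILDCARD_ONLY = ["*.example.org"]
WILDCARD_PLUS_APEX = ["*.example.org", "example.org"]

if __name__ == "__main__":
    # All 200 user subdomains are covered by one name; only edge cases remain.
    print("wildcard only:     ", uncovered(WILDCARD_ONLY, HOSTS))
    print("wildcard plus apex:", uncovered(WILDCARD_PLUS_APEX, HOSTS))
```

With the wildcard alone the bare domain is left uncovered, which is why the certificate carries both names; a name two labels deep is covered by neither.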


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.