Let's Encrypt is a popular Certificate Authority (CA) that provides free SSL/TLS certificates to secure websites. However, to prevent abuse and ensure fair usage, Let's Encrypt enforces several rate limits. Understanding these limits is essential for website administrators and developers to manage their certificate issuance efficiently.

What Are the Key Rate Limits?

Let's Encrypt's rate limits are designed to control the number of certificates issued or managed within a specific timeframe. The main limits include:

  • Certificates per Registered Domain: 50 certificates per registered domain per week. This includes subdomains and SANs (Subject Alternative Names).
  • Duplicate Certificate Limit: 5 duplicate certificates for the same set of domains per week.
  • Account Registration Limit: 10 new account registrations per IP address per hour.
  • Failed Validation Limit: 5 failed validation attempts per account per hour.

Strategies to Manage Rate Limits Effectively

To avoid hitting these limits, consider the following best practices:

  • Plan Certificate Requests: Batch domain requests and avoid unnecessary re-issuance.
  • Use Certificate Management Tools: Automate renewal and issuance processes with tools like Certbot to optimize requests.
  • Leverage Wildcard Certificates: Use wildcard certificates to cover multiple subdomains, reducing the number of certificates needed.
  • Implement Caching: Cache certificate data where possible to minimize repeated validation requests.
  • Monitor Usage: Keep track of your certificate requests to stay within limits and plan accordingly.

Additional Tips and Considerations

If you approach the rate limits, consider the following options:

  • Spread Requests Over Time: Distribute certificate requests throughout the week.
  • Use Staging Environment: Test your certificate setup in the Let's Encrypt staging environment to avoid consuming production limits.
  • Contact Support: If you have a legitimate need that exceeds the limits, contact Let's Encrypt support for assistance.

By understanding and managing these rate limits effectively, you can ensure smooth and uninterrupted SSL certificate issuance for your websites, maintaining security and trust with your users.