Let's Encrypt - Domain Pointers - WildCard

[grynge]

I have one domain.
I am putting domain pointers under that domain.
When I try to install the wildcard Certificate NIST/SECG 384 bit, you can't install just one once you have others installed, you need to install them all again.
Does this count against the 100 per week? ie I have 34 selected entries installed. If I tick just one new one then the old installed ones get removed and only the new one gets installed. I just found out so I am not sure.

So if I do this anymore I have to wait a week?

Is there a way to keep the ones installed and just install new ones?

 

[Zhenyapan]

Read attentively rules - "100 per week" it's for 1 domain limitations, each another has own "100 per week" limitations.

 

[grynge]

Thanks Zhenyapan, I thought it was 100 per server, that's excellent to know.

There is still the issue on adding just one domain, rather than redoing all the domains again. Or is that so the renewals are all done simultaneous?

 

[Richard G]

It's changed. It's not 100 per week anymore it's 50 per week.

The main limit is Certificates per Registered Domain (50 per week).

Rate Limits - Let's Encrypt

Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so renewing a certificate almost never hits a rate limit, and so that large organizations can gradually...

letsencrypt.org

 

[grynge]

It's changed. It's not 100 per week anymore it's 50 per week.

Rate Limits - Let's Encrypt

Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so renewing a certificate almost never hits a rate limit, and so that large organizations can gradually...

letsencrypt.org

The part I don't understand is

You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers. Exceeding these limits is reported with the error message too many registrations for this IP or too many registrations for this IP range.

Is an account 1 per domain? If so I did about 20 Domains on one IP at one time.

 

[Richard G]

Is an account 1 per domain? If so I did about 20 Domains on one IP at one time.

That is a bit confusing to me too as I'm not native English. But if I understand correctly, 1 account = 1 acme account.
It's explained a bit more in the link which is present in there.

Integration Guide - Let's Encrypt

This document contains helpful advice if you are a hosting provider or large website integrating Let’s Encrypt, or you are writing client software for Let’s Encrypt. Plan for Change Both Let’s Encrypt and the Web PKI will continue to evolve over time. You should make sure you have the ability to...

letsencrypt.org

Have a look at "One account or many". Seems to me the one getting the acme messages is the account. We might have to ask smtalk about this, because it might be that the admin is the account as default he also gets all acme notices/errors if enabled.
I'm not sure about this, as it is confusing to me too.

 

[Richard G]

However, a bit lower it says something in Multi SAN:

Our issuance policy allows for up to 100 names per certificate. Whether you use a separate certificate for every hostname, or group together many hostnames on a small number of certificates, is up to you.

Normally all SNI certificates have the same hostname, the one of the server. Confusing to me too.

 

[grynge]

I'm wondering if they pull those restrictions in after a series of applications rather than a one off as in my situation?
I'm sure someone knows what that all means, unfortunately I'm with you, not much makes sense.