Let's Encrypt - Domain Pointers - WildCard

grynge

Verified User
Joined
Sep 9, 2014
Messages
20
I have one domain.
I am putting domain pointers under that domain.
When I try to install the wildcard Certificate NIST/SECG 384 bit, you can't install just one once you have others installed, you need to install them all again.
Does this count against the 100 per week? ie I have 34 selected entries installed. If I tick just one new one then the old installed ones get removed and only the new one gets installed. I just found out so I am not sure.

So if I do this anymore I have to wait a week?

Is there a way to keep the ones installed and just install new ones?
 

Zhenyapan

Verified User
Joined
Feb 23, 2018
Messages
403
Location
UA
Read attentively rules - "100 per week" it's for 1 domain limitations, each another has own "100 per week" limitations.
 

grynge

Verified User
Joined
Sep 9, 2014
Messages
20
Thanks Zhenyapan, I thought it was 100 per server, that's excellent to know.

There is still the issue on adding just one domain, rather than redoing all the domains again. Or is that so the renewals are all done simultaneous?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,254
Location
Maastricht
It's changed. It's not 100 per week anymore it's 50 per week.
The main limit is Certificates per Registered Domain (50 per week).
 

grynge

Verified User
Joined
Sep 9, 2014
Messages
20
It's changed. It's not 100 per week anymore it's 50 per week.


The part I don't understand is
You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers. Exceeding these limits is reported with the error message too many registrations for this IP or too many registrations for this IP range.
Is an account 1 per domain? If so I did about 20 Domains on one IP at one time.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,254
Location
Maastricht
Is an account 1 per domain? If so I did about 20 Domains on one IP at one time.
That is a bit confusing to me too as I'm not native English. But if I understand correctly, 1 account = 1 acme account.
It's explained a bit more in the link which is present in there.
Have a look at "One account or many". Seems to me the one getting the acme messages is the account. We might have to ask smtalk about this, because it might be that the admin is the account as default he also gets all acme notices/errors if enabled.
I'm not sure about this, as it is confusing to me too.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,254
Location
Maastricht
However, a bit lower it says something in Multi SAN:
Our issuance policy allows for up to 100 names per certificate. Whether you use a separate certificate for every hostname, or group together many hostnames on a small number of certificates, is up to you.
Normally all SNI certificates have the same hostname, the one of the server. Confusing to me too.
 

grynge

Verified User
Joined
Sep 9, 2014
Messages
20
I'm wondering if they pull those restrictions in after a series of applications rather than a one off as in my situation?
I'm sure someone knows what that all means, unfortunately I'm with you, not much makes sense.
 
Top