Hacker News new | past | comments | ask | show | jobs | submit login

This sounds more like a design decision by that blogging platform rather than something that's caused by Let's Encrypt. Excluding maintenance windows or any other unplanned downtime or performance issues (which happen relatively rarely), the issuance process doesn't take anywhere near close to 24 hours. Account registration, domain validation and certificate issuance is typically done in less than ten seconds.

The existing rate limits[1] should have very little effect even for very large integrators. A form for rate limit adjustments exists for those who need a large number of subdomains (and would rather not obtain a wildcard certificate) or need to add new domains at a very high rate (i.e. the WordPress.com's and OVH's of this world).

[1]: https://letsencrypt.org/docs/rate-limits/




Edit: The document you linked to was recently updated, but the top of the page incorrectly says "Last updated: August 10, 2016". I wrote my response with the old document in mind. It's obvious to me now that this page was actually last updated in December 2016.

If I don't batch multiple SANs into one certificate and stagger a certificate queue, I will very quickly run into the Let's Encrypt rate limit.

If I don't want my users to wait for the queue to be processed, I could immediately request a new certificate for every new user's subdomain, but then I'd be limited to 10 new users every 3 hours.


I assume by "multiple SANs", you're referring to subdomains under the same registered domain? In that case, you can use the rate limit adjustment form or register your domain as a public suffix if that's more appropriate. The form has been available since August. The rate limits in general have not changed since back then (or even before, I don't recall) either.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: