The main issuing limit is Certificates per Registered Domain
, (20 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar (us). For instance, in the name www.example.com
, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk.
If you have a lot of sub-domains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate. Combined with the above limit, that means you can issue certificates containing up to 2,000 unique sub-domains per week !
Let’s encrypt, also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.
There is a Failed Validation limit of 5 failures per account, per hostname, per hour.
You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours.
You can have a maximum of 300 Pending Authorizations on your account.
If you’ve hit a rate limit, we don’t have a way to temporarily reset it. You’ll need to wait until the rate limit expires after a week. We use a sliding window, so if you issued 10 certificates on Monday and 10 more certificates on Friday, you’ll be able to issue again starting Monday. You can get a list of certificates issued for your registered domain by searching on http://crt.sh
, which uses the public Certificate Transparency logs.
For more information you can check the official documentation about this at: