[talk] SSL certificates

Charles Sprickman spork at bway.net
Tue Sep 12 15:08:52 EDT 2017


> On Sep 12, 2017, at 2:27 PM, Craig MacGregor <cmacgreg at gmail.com> wrote:
> 
> Let's Encrypt has some limits that can get annoying for this specific use case; you can register effectively unlimited domains, but are limited to 20 subdomains per domain per week. To make it even more complicated, there is no limit for renewals, but renewals also count against those 20 subdomains per week, so if you happen to have a few hundred internal subdomains, you will still run into these limits 90 days down the line, when the certs renew (I just had this issue and was able to resolve via their rate adjustment form and community forum; very responsive and helpful for a free/donation-based service).

These limits can basically rule them out for wildcards.  You can work around the limit, but it’s kind of a pain I suspect.

Here’s their docs on this:

https://letsencrypt.org/docs/rate-limits/

Also, for a script to handle this, I like dehydrated:

https://github.com/lukas2511/dehydrated - also in FreeBSD ports collection

Charles
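
Added example, not part of the original message and not dehydrated's code: a small planner that takes the figures quoted in the thread (20 certificates per registered domain per week, renewal at 90 days) and shows when a set of per-host certificates can no longer complete a renewal cycle before the first ones expire. The hostnames, the function names and the last-two-labels rule for finding the registered domain are assumptions.

```python
import math
from collections import defaultdict
from datetime import date, timedelta

WEEKLY_LIMIT = 20         # per registered domain per week, figure quoted in the thread
CERT_LIFETIME_DAYS = 90   # renewal horizon quoted in the thread


def registered_domain(host):
    # Assumption: last two labels; use the Public Suffix List in real deployments.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def plan_issuance(hosts, start, weekly_limit=WEEKLY_LIMIT,
                  lifetime_days=CERT_LIFETIME_DAYS):
    """Spread one-certificate-per-host issuance over weekly batches.

    Returns (schedule, unsustainable):
      schedule      {batch date: [hosts]}, at most weekly_limit hosts per
                    registered domain in any batch
      unsustainable {registered domain: weeks needed} for domains whose full
                    cycle takes longer than the certificate lifetime, so the
                    first batch would expire before its renewal slot comes up
    """
    by_domain = defaultdict(list)
    for host in sorted(set(hosts)):
        by_domain[registered_domain(host)].append(host)

    schedule = defaultdict(list)
    unsustainable = {}
    for domain, names in by_domain.items():
        weeks = math.ceil(len(names) / weekly_limit)
        if weeks * 7 > lifetime_days:
            unsustainable[domain] = weeks
        for i, host in enumerate(names):
            schedule[start + timedelta(weeks=i // weekly_limit)].append(host)
    return dict(schedule), unsustainable


if __name__ == "__main__":
    # Constructed inventory: 300 internal hosts under one domain, 5 under another.
    hosts = [f"svc{i:03d}.corp.example" for i in range(300)]
    hosts += [f"app{i}.lab.example" for i in range(5)]
    schedule, unsustainable = plan_issuance(hosts, date(2017, 9, 12))
    for day in sorted(schedule):
        print(day, len(schedule[day]), "certificates")
    print("cannot finish a cycle before expiry:", unsustainable)
```

With these figures a single registered domain tops out at 240 one-host certificates; past that, the options are fewer certificates covering more names each or a rate-limit adjustment like the one described in the quoted message.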

