
Ask HN: Other CA with API, similar to Let's Encrypt? - prohor
Hi,
We started to use Let's Encrypt for automatic certificate generation. Unfortunately we are starting to get close to the rate limits [1], so we requested an increase. Apparently our use case isn't eligible for increased limits, as it wasn't approved (no response, so not declined either). So we started to look for an alternative.

Do you know of other CAs that provide an API for certificate requests? It can be paid. The API doesn't need to be compatible with Let's Encrypt, but it would be nice.

Thank you!

1. https://letsencrypt.org/docs/rate-limits/
======
scrollaway
ACME
([https://en.wikipedia.org/wiki/Automated_Certificate_Manageme...](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment))
is still new, I don't believe any other certified CA implements it.

What is your use case? Maybe there's a better way.

~~~
prohor
Well, ACME would be perfect, but actually any fully automated process would
do.

We provide on-prem software available via browser. And well, we want to be
very nice to our customers, so upon installation we also set up a subdomain in
a domain that we control and request a certificate for that. At the end of
installation we provide the user with an HTTPS URL where the service is
available, with a valid certificate :-) Of course they can later opt out and
use their own domain or certificate, but we make it work without security
warnings from the first moment.

~~~
scrollaway
Do you have to control the domain? That's the main source of your rate
limiting issues.

If you can use different domains for different customers, then you can scale
that better.

Look into Caddy for automatic ACME integration:
[https://caddyserver.com/](https://caddyserver.com/) - This + DNS or HTTP
challenge, it sounds like this might work for you.

~~~
prohor
Thanks for the hints. The Caddy server looks nice.

The default and simplest scenario is that our domain is used, so that the
user is not forced to set up DNS, but they can if they wish. But of course
having a set of domains is an option. The problem with that is that there is
still a limited set of domains that we could use and that still easily match
the product.

------
stephenr
Can I suggest that perhaps you could just start using alternative domains to
avoid the rate limit?

Edit: also, how long since you requested the increase? They say it takes a few
weeks.

~~~
prohor
It is about 1.5 months now.

Yes, using different domains is a potential option too, but the domain is
directly connected with the product, so we want to consider other options too.

