
I am not saying 6 days is long enough, but if your automation always waits until the last minute to renew certs, you may have more issues to worry about than the CA's availability. If I am going to use a cert with a 6-day lifetime, I will be renewing it at least once a day.





Yeah, that conflicts with their rate limits, which I hope they'll revise under this scheme.

https://letsencrypt.org/docs/rate-limits/

For the “exact same set of hostnames” (aka. renewals) the rate limit is 5 certificates every 7 days.

So you could do it every other day, if you can make sure there's only one client doing it.

And they're very clear this is a global limit: creating multiple accounts doesn't subvert it.

So you'll need to manage this centrally, if you have multiple hosts sharing a hostname.


If you have multiple hosts the set should not be the same, no? From the linked page the comparison is a set comparison: one host at hosta.example.com and one host at hostb.example.com each with their own cert bot won't conflict.
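The limit discussed in this thread (5 certificates per 7 days for the exact same set of hostnames, compared as a set and shared across accounts) can be modelled as a central ledger, shown here as an added example that is not part of the thread or of any Let's Encrypt client. The plain sliding window and the names `DuplicateCertBudget` and `simulate` are assumptions; the CA's real accounting may differ.

```python
from datetime import datetime, timedelta

LIMIT = 5                    # certificates per identical hostname set (from the thread)
WINDOW = timedelta(days=7)   # window length (from the thread)


class DuplicateCertBudget:
    """Central ledger of issuances, keyed by the *set* of hostnames.

    Assumption: the limit is modelled as a plain sliding window.
    """

    def __init__(self):
        self._issued = {}    # frozenset(hostnames) -> list of issuance times

    @staticmethod
    def key(hostnames):
        # Set comparison: order and letter case of the names do not matter.
        return frozenset(h.lower() for h in hostnames)

    def try_issue(self, hostnames, now):
        """Record an issuance and return True, or return False if over budget."""
        k = self.key(hostnames)
        recent = [t for t in self._issued.get(k, []) if now - t < WINDOW]
        allowed = len(recent) < LIMIT
        if allowed:
            recent.append(now)
        self._issued[k] = recent
        return allowed


def simulate(interval_days, days=28, hostnames=("www.example.com",), clients=1):
    """Count refused renewals when `clients` hosts renew every `interval_days`."""
    budget = DuplicateCertBudget()
    start = datetime(2025, 1, 1)          # constructed start date
    refused = 0
    for day in range(0, days, interval_days):
        for _ in range(clients):
            if not budget.try_issue(hostnames, start + timedelta(days=day)):
                refused += 1
    return refused


if __name__ == "__main__":
    print("daily, one client:          ", simulate(1), "refused")
    print("every other day, one client:", simulate(2), "refused")
    print("every other day, two hosts: ", simulate(2, clients=2), "refused")
```
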


