20 is plenty
Let’s Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services.
The certificate authority set up rate limits for cert creation as a defence against hacker interference and denial of service attacks. However the limitation created problems for internet service providers hoping to roll out Let’s Encrypt as part of their service offering.
In response, the non-profit-backed authority has clarified that its main restriction is a weekly limit of 20 certificates per registered domain and a duplicate certificate limit of five certificates per week.
“We’ve designed [them these rate limits] so renewing a certificate almost never hits a rate limit, and so that large organisations can gradually increase the number of certificates they can issue without requiring intervention from Let’s Encrypt,” the organisation explains in a blog post.
“If you’re actively developing or testing a Let’s Encrypt client, please utilize our staging environment instead of the production API.”
Let’s Encrypt provides free of charge digital certificates through an automated process designed to cut through complexity and cost and allow more websites to offer encrypted, secure HTTPS websites.
The service, which is backed by Mozilla, Akamai and the Electronic Frontier Foundation, left beta trails in April.
The operation passed the 5 million active certificate milestone on Monday. ®
Sponsored: 2016 Cyberthreat defense report