Sunday, February 21, 2016

PSA: Beware of low rate limits in letsencrypt

I've been noodling around with letsencrypt, the Mozilla foundation's new free SSL certificate service.  It's pretty cool.  There's no reason to ever pay for (or wait for!) an SSL certificate again.  However, there is a hidden trap in the public beta which I discovered the hard way: there's a rate limit of five certificates per domain per week, and there's no warning about this until you hit the limit.

So... if you use letsencrypt (and you really should!  It's easy!) use a dummy domain or their staging server for experiments, and plan your actual certificate issuance very carefully.  The rate limits should go up eventually, but there's no telling when that will happen.


No comments: