Software Archaeologist is a user on oldbytes.space. You can follow them or interact with them if you have an account anywhere in the fediverse.
If you don't, you can sign up here.
Software Archaeologist
@dashie
OK...
So letsencrypt have a rate limit on the number of certs [INCLUDING SUB DOMAINS] you can create/renew per week.
So if you have a lot of sub domains and not "one cert for all" : good luck you are f.ed.
@Thib yeah so I just can't create new ssl certs for my domains 'cause I already have >20 sub domains with letsencrypt.
that's wonderfull ...
@dashie There's a support for wildcard certs planned for 2018, until then, you have only this :/
@dashie Personally my workaround consist in making "buckets" of certs for differents things, like one for "public" subdomains and one for "private" subdomains
@KokaKiwi yeah I think I will have to revert to that...
and anyway, no certs are private, crt.sh are indexing all...
@dashie Yeah by "private" I mean the ones I don't want them linked to "public" domains and then allowing to simply look the SAN entry for one "public" domain to find the "private" ones
@KokaKiwi even if only "public" ones are listed in master in the certs, the SANs are visible so well, it's juste "not easier" to find them, nothing more
@dashie No I mean I have two separate certs, one with SANs with "public" domains, and one with SANs with only "private" domains, I'm testing searching them in crt.sh but I can't manage to find them easily so well...
@KokaKiwi I have all my sub domains even "privates" one under the same domain so well, it's a fail anyway.
@dashie iirc you can renew as much as you want, but you are limited in the number of new domains you issue. And while renewals are not limited, they do count in the number of domains issued.