Let's Encrypt Rate Limits on subdomains for Multisite

I’ve been scouting other topics for this but haven’t been able to find a definitive answer. I’m looking to move one of our multisite networks to the Trellis stack and make use of Let's Encrypt.

The majority of those sites have their own domain. However, around 320 have their original sub domains as assigned upon creation such as:

site1.multisitedomain.com
site2.multisitedomain.com
site3.multisitedomain.com
etc.

So there are 320 of these subdomains. Let's Encrypt states there are limits of "Certificates per Registered Domain (20 Per Week)" unless you obtain a SAN or UCC certificate.

Obviously we would like to move these sub domains to their own domains; however, those sites without domains are embedded as iframes and serve other uses that don’t fit into the staging Let's Encrypt API, nor can be removed from our live environment.

Am I correct in thinking that the only way forward for me to migrate these sites with a Let's Encrypt certificate would be to do so in a staggered fashion instead of in one run / deploy?

I’m considering filling out this request form to increase our limits, however, before I do I just want to be sure I understand - that currently Trellis and Let's Encrypt would iterate through each sub domain and attempt to grab a certificate and eventually hit the rate limit imposed? As opposed to using a SAN certificate, which I believe is in beta(?).

To be extra annoying, and chain a question onto my original: would it be feasible to selectively issue Let's Encrypt certificates to only some domains when SSL is enabled within wordpress_sites? If this was possible we could almost not worry about the sites hosted on subdomains, and primarily focus on those with their own domains.

Thanks in advance

Trellis does iterate through your WP sites. If you have 320 separate sites in Trellis, then yeah I’m guessing you’d hit their rate limits pretty quickly unfortunately.

Trellis does add multiple domains for a single site which might count differently (though I’m not sure). But again, that’s only for a single site with multiple hosts.
