Some Let's Encrypt Facts
Time validity
Certificates issued by LE are valid for 90 days.
SAN (Subject Alternate Name)
A certificate contains up to 100 domain names in SAN list. The domain names map directly into names of servers, as sub-domain wildcards are not allowed.
Wildcard support
Wildcard certificates are available from March 2018
with DNS validation.
Supported algorithms
RSA
keys, with lengths2048
,3076
, or4096
P-256
ECDSA
keysP-384
ECDSA
keys.
Max certificates request limit
50
certificates per week per registered domain. This is a soft limit. You can request to increase the limit, but please don't always expect a positive outcome!
Renewals (which contain exactly the same set of domains) are not counted into this limit, even if the existing certificate already expired.
Renewal limits
5
renewals per week per certificate. A request for a certificate is counted as a renewal, if it contains exactly the same set of domain names.
Note:
- Domain names are case insensitive
- Domain names can be in any order.
Update domains of an existing certificate
Changing the set of domain names (add new domains, remove domains, modify domains) will be counted as a new certificate request.
Certificate request steps
The steps are:
1. Authorization request
2. Providing a proof of domain ownership
3. Certificate issuance.
These steps should be completed within 7 days
. LE implemented two different time limits:
- 7 days - to complete step 2
- 30 days (currently) - to complete step 3