Some Let's Encrypt Facts

Time validity

Certificates issued by LE are valid for 90 days.

SAN (Subject Alternate Name)

A certificate contains up to 100 domain names in SAN list. The domain names map directly into names of servers, as sub-domain wildcards are not allowed.

Wildcard support

Wildcard certificates are available from March 2018 with DNS validation.

Supported algorithms

• RSA keys, with lengths 2048, 3076, or 4096
• P-256 ECDSA keys
• P-384 ECDSA keys.

Max certificates request limit

50 certificates per week per registered domain. This is a soft limit. You can request to increase the limit, but please don't always expect a positive outcome!

Renewals (which contain exactly the same set of domains) are not counted into this limit, even if the existing certificate already expired.

Renewal limits

5 renewals per week per certificate. A request for a certificate is counted as a renewal, if it contains exactly the same set of domain names.

Note:

• Domain names are case insensitive
• Domain names can be in any order.

Update domains of an existing certificate

Changing the set of domain names (add new domains, remove domains, modify domains) will be counted as a new certificate request.

Certificate request steps

The steps are:
1. Authorization request
2. Providing a proof of domain ownership
3. Certificate issuance.

These steps should be completed within 7 days. LE implemented two different time limits:

• 7 days - to complete step 2
• 30 days (currently) - to complete step 3