Let’s Encrypt is a free, automated, and open certificate authority (CA), which is an initiative of the Internet Security Research Group (ISRG). It aims to deliver free digital SSL/TLS certificates to people who want to migrate to HTTPS to make their websites more secure because Let’s Encrypt believes in promoting more secure and privacy-respecting web, and Cloudways supports Let’s Encrypt’s initiative and offers effortless installation of Free Let’s Encrypt Certificate, and Free Let’s Encrypt Wildcard Certificate to you via Cloudways Platform.
Although Let’s Encrypt is a free and open certificate authority (CA), but has some limitations for its SSL/TLS certificates to prevent abuse of this feature; therefore, we will explain their limitations in this article. These restrictions are set from Let’s Encrypt, so Cloudways can not modify these limitations, and revoking SSL certificates will not reset these defined limits as well.
Click Here if you would like to know what an SSL certificate is and what are the different types of SSL certificates.
Limitations of Installing SSL Certificates
Here are some limitations to the installing Let’s Encrypt SSL Certificate.
A maximum of 5 certificates per exact FQDN (Fully Qualified Domain Name) can be issued in a week. For example, if you install a certificate for the FQDN (www.mysite.com, mysite.com), you could install four more certificates for the same FQDN (www.mysite.com, mysite.com) during the week. This will cover the cases when you have decided to move your web application from one server to another server etc.
Only one Let’s Encrypt SSL certificate can be installed per application.
One Let’s Encrypt SSL Certificate can accommodate a maximum of 100 SANs (Subject Alternative Names).
To increase the coverage of more than 100 SANs (Subject Alternative Names), you need to distribute your application into multiple applications and install SSL certificates on those multiple applications.
Limitations of Renewing SSL Certificates
Let’s Encrypt SSL Certificate expires after 90 days validity, which you can either set the instructions of renewing the SSL certificate automatically, or you can do on-demand renewal of your Let’s Encrypt Certificate or Let’s Encrypt Wildcard Certificate via Cloudways Platform when you are close to the expiry date. If you have enabled the auto-renewal feature, then it will automatically renew your SSL certificate before 30 days of the expiry date, so you do not have to go through the process of renewing the SSL certificate manually.
Now, if you are renewing your SSL certificate manually using the on-demand renewal feature, then you need to be cautious as you can only renew your SSL certificate only five times per day. Renewing once using the on-demand feature will renew your SSL Certificate with 90 days expiry date from the date of certificate issuance. If you exceed your limit of renewing the SSL certificate in a day, then this limit will reset after 24 hours so you can renew it again.
If the auto-renewal option of your SSL certificate stops working, then please refer to the solutions written in this article to fix the issue.
In case, if you no longer need an SSL certificate or if you are moving the existing domain to a different web application hosted on Cloudways server then it is recommended that you revoke the SSL Certificate for that domain and then deploy a new SSL Certificate on your web application.