Ask HN: Other CA with API, similar to Let's Encrypt?
Hi, we started to use Let's Encrypt for automatic certificate generation. Unfortunately we are starting to get close to the rate limits [1], so we requested an increase. Apparently our use case isn't eligible for increased limits, as it wasn't approved (no response, so not declined either). So we started to look for an alternative.
Do you know of other CAs that provide an API for certificate requests? It can be paid. The API doesn't need to be compatible with Let's Encrypt, but it would be nice.
Thank you!
1. https://letsencrypt.org/docs/rate-limits/
ACME (https://en.wikipedia.org/wiki/Automated_Certificate_Manageme...) is still new, I don't believe any other certified CA implements it. What is your use case? Maybe there's a better way.
Well, ACME would be perfect, but actually any fully automated process would do. We provide on-prem software available via browser. And well, we want to be very nice to our customers, so upon installation we also set up a subdomain in a domain that we control and request a certificate for that. At the end of installation we provide the user with an HTTPS URL where the service is available and with a valid certificate :-) Of course they can later opt out and use their own domain or certificate, but we make it work without security warnings from the first moment.
Do you have to control the domain? That's the main source of your rate limiting issues. If you can use different domains for different customers, then you can scale that better. Look into Caddy for automatic ACME integration: https://caddyserver.com/ - This + DNS or HTTP challenge, it sounds like this might work for you.
Thanks for the hints. The Caddy server looks nice. The default and simplest scenario is that our domain is used, so that the user is not forced to set up DNS, but they can if they wish. But of course having a set of domains is an option. The problem with that is that there is still a limited set of domains that we could use and that still easily match the product.
Can I suggest that perhaps you could just start using alternative domains to avoid the rate limit? Edit: also, how long since you requested the increase? They say it takes a few weeks.
It is about 1.5 months now. Yes, using different domains is a potential option too, but the domain is directly connected with the product, so we want to consider other options too.