The main limit is Certificates per Registered Domain, (20 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com . In new.blog.example.co.uk , the registered domain is example.co.uk . We use the Public Suffix List to calculate the registered domain.

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalisation and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [ blog.example.com ], you would be able to request additional certificates.

There is a Failed Validation limit of 5 failures per account, per hostname, per hour.

You can have a maximum of 300 Pending Authorisations on your account.

The “new-reg”, “new-authz” and “new-cert” endpoints have an Overall Requests limit of 20 per second.

The “/directory” endpoint has limit of 40 requests per second.