Comments (3)
If I use New-PACertificate each time I don't have the original profile available, wouldn't that create new accounts with LE each time?
Yes, it would. But LE accounts aren't necessarily a thing that you can only have one of. They're just an association for one or more contact emails and a set of orders. It's quite common to have an account per "server" that is generating certificates. The LE rate limits page only has this to say regarding account related limits:
The “new-reg”, “new-authz” and “new-cert” endpoints have an Overall Requests limit of 20 per second.
You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers.
So basically, if you need to migrate your installation to a new server or profile and you end up creating a new account in the process, it's no big deal. The orders/certs on the old account will eventually expire and the account will eventually be purged. It only becomes a problem if you're doing this over and over in quick succession.
I should also note that that DPAPI limitation also currently doesn't apply to non-Windows hosts because PowerShell Core doesn't have a working implementation of it yet.
from posh-acme.
The other thing you can do if you really need to keep the profile portable (at the expense of data-at-rest encryption): many of the plugins have "Insecure" parameter set options intended to provide compatibility with non-Windows OSes. But there's nothing stopping you from using them on Windows too.
If there's one in particular you'd want that doesn't have an insecure option, let me know and I can probably add it pretty quick.
Thanks for your extensive reply. I have to admit I wasn't aware of the rate limiting policies around LE accounts and the numbers you've mentioned are definitely much higher than what we'll need in the foreseeable future - so I will stick with the creation of new accounts for now.