#TIL - ZeroSSL

Free SSL Certificates and SSL Tools - ZeroSSL

Free SSL certificates issued instantly online, supporting ACME clients, SSL monitoring, quick validation and automated SSL renewal via ZeroSSL Bot or REST API.

ZeroSSL LogoZeroSSL

I use LetsEncrypt for all of my projects since a while. But this week I learned that, LetsEncrypt has a limit of 50 domain certificates generation per week.

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com.
https://letsencrypt.org/docs/rate-limits/

This is still a generous number but if you consider to provide a SaaS with custom domain support, you would need to consider a solution. ZeroSSL can be a good drop-in replacement for LetsEncrypt since it also supports ACME clients. So it works with Traefik, that was important to me. And $8/m for basic requirements seems like a fair pricing.

EDIT (5 April 2024):

I wanted to try ZeroSSL buy subscribing their Basic Plan. When I enabled on my Traefik Server, I immediately started getting "429 Too Many Requests" errors from their server. They don't mention any rate limits anywhere and I only tried to issue certificates for a few domains. Then I noticed that this seems like a common problem on ZeroSSL. Check this GitHub Issue:

Controller can’t handle hitting request rate limits of zerossl ACME API · Issue #5867 · cert-manager/cert-manager

Describe the bug: We’ve been using cert-manager with zerossl as ACME provider using http01 challenges for several months now vey successfully. However, since a couple of weeks ago, zerossl must hav…

GitHubcert-manager

So, please be cautious for using ZeroSSL to avoid LetsEncrypt's rate limits. You can consider using Google Cloud's ACME.