#TIL - ZeroSSL

Free SSL Certificates and SSL Tools - ZeroSSL
Free SSL certificates issued instantly online, supporting ACME clients, SSL monitoring, quick validation and automated SSL renewal via ZeroSSL Bot or REST API.

I use LetsEncrypt for all of my projects since a while. But this week I learned that, LetsEncrypt has a limit of 50 domain certificates generation per week.

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com.

This is still a generous number but if you consider to provide a SaaS with custom domain support, you would need to consider a solution. ZeroSSL can be a good drop-in replacement for LetsEncrypt since it also supports ACME clients. So it works with Traefik, that was important to me. And $8/m for basic requirements seems like a fair pricing.

EDIT (5 April 2024):

I wanted to try ZeroSSL buy subscribing their Basic Plan. When I enabled on my Traefik Server, I immediately started getting "429 Too Many Requests" errors from their server. They don't mention any rate limits anywhere and I only tried to issue certificates for a few domains. Then I noticed that this seems like a common problem on ZeroSSL. Check this GitHub Issue:

Controller can’t handle hitting request rate limits of zerossl ACME API · Issue #5867 · cert-manager/cert-manager
Describe the bug: We’ve been using cert-manager with zerossl as ACME provider using http01 challenges for several months now vey successfully. However, since a couple of weeks ago, zerossl must hav…

So, please be cautious for using ZeroSSL to avoid LetsEncrypt's rate limits. You can consider using Google Cloud's ACME.

Me on Mastodon: https://synaps.space/@murat