Perhaps I'm ignorant, but I don't see how the LE guys would be annoyed about thousands of requests for TLS certs from a single user. The system is automated, after all. :)
> + you might not want to publish a list of all valid ones.
I assume that you mention this to illustrate a scenario where certs with a bunch of SANs is not a solution to the problem? If you weren't, does LE do something like publishing a list of all of the domains for which they have issued certs?
> but I don't see how the LE guys would be annoyed about thousands of requests for TLS certs from a single user. The system is automated, after all. :)
We have to actually run a complicated server that does things with an external Hardware Security Module. CPU time, disk space, and bandwidth all cost money, and there's a finite amount of money we can spend on resources :)
Thus, rate-limits. That also helps keeps latency low for most users, and prevents DDOSing.
> + you might not want to publish a list of all valid ones.
I assume that you mention this to illustrate a scenario where certs with a bunch of SANs is not a solution to the problem? If you weren't, does LE do something like publishing a list of all of the domains for which they have issued certs?