[zalmoxes]

Nice writeup!

I wish there was a CA out there that could let you requests new certs more frequently.

Yes there's Let's Encrypt, which is amazing and works great but the ratelimits[1] really kill you if you're not careful. I've had a few issues where I've triggered the LE ratelimit with a production domain and got locked out of making new certs for a whole week. I would gladly pay for an ACME CA which does not enforce these ratelimits.

[1] https://letsencrypt.org/docs/rate-limits/

[stanleydrew]

I'm actively considering what it would take to set up a for-profit ACME CA, and pricing based on rate limits might be the key business model insight I needed. Thanks!

[jvehent]

LE needs $2MM/year to run and bootstrapped under an existing CA, so there's your starting point ;)

It might be easier to resell someone else's certificates.