diff --git a/acme/client.go b/acme/client.go
index ba56e796..ee519f2e 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -23,8 +23,15 @@ var (
 	Logger *log.Logger
 )
 
-// maxBodySize is the maximum size of body that we will read.
-const maxBodySize = 1024 * 1024
+const (
+	// maxBodySize is the maximum size of body that we will read.
+	maxBodySize = 1024 * 1024
+
+	// overallRequestLimit is the overall number of request per second limited on the
+	// “new-reg”, “new-authz” and “new-cert” endpoints. From the documentation the
+	// limitation is 20 requests per second, but using 20 as value doesn't work but 18 do
+	overallRequestLimit = 18
+)
 
 // logf writes a log entry. It uses Logger if not
 // nil, otherwise it uses the default log.Logger.
@@ -522,7 +529,14 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver
 func (c *Client) getChallenges(domains []string) ([]authorizationResource, map[string]error) {
 	resc, errc := make(chan authorizationResource), make(chan domainError)
 
+	var delay time.Duration
+	if len(domains) > overallRequestLimit {
+		delay = time.Second / overallRequestLimit
+	}
+
 	for _, domain := range domains {
+		time.Sleep(delay)
+
 		go func(domain string) {
 			authMsg := authorization{Resource: "new-authz", Identifier: identifier{Type: "dns", Value: domain}}
 			var authz authorization