Is there a max limit on number of alt_names (SANs) I can have on any PKI cert/role?

I was just keen to understand if there is any ceiling on how many alt-names (SANs) one can have on a cert provisioned by the PKI engine.

Hmm, couldn’t find a limit in either Vault or Golang’s crypto/x509 module (just did a quick scan of the code). Still, I’d recommend to not go totally overboard with the number of SANs. For example, Let’s Encrypt has a limit of 100 SANs per certificate: