I’ve written a custom ACME client integration to request certificates for a large number of domains (8,000+). I have read and understand the limit of 300 new orders every 3 hours for an ACMEv2 client. However, I seem to be hitting this limit in situations where it is not expected.
For instance, I created exactly 100 new orders earlier today before reaching the limit and getting a 429 error. I had not made any orders within the 3 hours prior to that time.
My questions are:
- Is the 3 hour limit rolling or based on UTC?
- Once the limit is reached, is there a “Retry-After” of exactly 3 hours?
- Is there an undocumented sub-limit such as 100 per hour and 300 per 3 hours, whichever is hit first?
The rate limit docs just don’t seem to match the behavior I’m seeing, and I would love to understand how it works and document it clearly for someone trying this in the future.