Acme V2 Problem: Error creating new order :: too many new orders recently

Hi! We are trying to upgrade to v2 of the acme spec and it was going smoothly for a bit until we started hitting rate limits. Our new certs requested is average 80 / hour historically. It doesn’t seem like we came close to hitting that rate limit today but we got the errors a little after we cutover.

We host ~ 130,000 sites for our customers

My question is what is considered a new order? We request an authorization for the root domain (example.com) and then typically one for the SAN (www.example.com)

Do those both count as orders? In the end we only get one cert.

My domain is:
There are so many, but one that hit the rate limit today would be rhealobo.com

I ran this command: request authorization

It produced this output:
429 too many requests
Error creating new order :: too many new orders recently

My web server is (include version): N\A

The operating system my web server runs on is (include version): N\A

My hosting provider, if applicable, is: N\A

I can login to a root shell on my machine (yes or no, or I don’t know):N\A

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is: acmephp/acmephp (latest)

One order is an attempt to get one certificate (whether it succeeded or failed).

Right. That makes sense. Is attempt to get one certificate counted when we request the domain authorization or the certificate?

Our process first asks for the domain authorization for the root domain (example.com)

• Then the verification of example.com
• Then asks for an authorization of www.example.com
• Then the verification of www.eample.com
• Then asks for the cert order to be finalized with example.com as the domain name and www.example.com as the Subject Alternative Name

At what point in that process is the attempt recorded? I guess what I’m trying to trouble shoot is if the two domain authorizations are counted against us for the same certificate.

Forgive me if I’m not quite getting it

Under normal circumstances, that would be one order.

The ACME client could hypothetically have some sort of flawed workflow that creates more than one order (hopefully finalizing one of them and abandoning the others).

Ahh interesting. I’ll have to check in their source code to see what’s going on and if that’s what they do. Thanks!

Simpler condition, if the client is interrupted in the middle. Order already created, but not all authorization finalized.

So it does look like the way it’s implemented that’s exactly what the client library is doing. They have a new interface that batches the order process up with domain authorizations as one single order instead of two. We’ll have to upgrade to that new interface from them as well. Thank you for your insight into this! I appreciate the help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.