I cannot take credit for this suggestion, but I felt it to be so excellent that I just had to champion it.
Multitudes of times per week we see several common ways that certificate-seekers hit the five-duplicate-certificates-per-week rate-limit:
- Misguided efforts to debug certificate installations (which is a compelling reason to segregate acquisition and installation behavior)
- Ephemeral environments (like certain Docker setups) that treat certificate issuances like tissues
- Multiple devices serving the same certificate (like when the workers behind a load-balancer terminate TLS)
Allowing only two duplicate certificates (one original and one duplicate) per hour along with an appropriate message from Boulder (like coming here to get help) would likely:
- Effectively combat the issuance of duplicate certificates
- Virtually eliminate wasteful spin-up processes of ephemeral environments
- Drastically reduce the number of sad/angry help-seekers being told to "wait a week"
This limit is intended to be in-addition-to the current five-duplicate-certificates-per-week rate-limit.
I do not feel that the following response is in the spirit of this community:
I sentence you to a long session of RTFM and a lost week of productivity/revenue!