Automated payment system to reset rate limits and avoid business interruption

It never happened to me, but I’m worried it will happen to me one day: through misuse on my part I will reach the cert renewal limit and risk having my websites/apps offline for a week because of no SSL certificate.
The limit is necessary for Let’s Encrypt to prevent spam and ensure fair use of Let’s Encrypt resources, and I think proper usage of Let’s Encrypt fits 99.9999% of use cases for certificates, so I think the limit should not change.

What I suggest is letting users pay a small amount like 10€, or any amount Let’s Encrypt deems reasonable, to reset their limit to 0 in an automated web process in case of misuse, to prevent such a disaster scenario.
Since the process would be automatic after payment, it would not need human intervention on the part of Let’s Encrypt. Please find below my proposed process.

  • A unique token should be included in the failed renewal/creation message.
  • The user will copy the token from the error message into the form during the payment process to automatically identify the appropriate account/domain/address that reached the rate limit.
  • After payment, the rate limit is reset to 0 without delay.

It’s remarkably difficult to issue 50 certificates by accident, which is what it takes to be in a position of “business interruption”.

Besides, Let’s Encrypt is not the only CA. In dire circumstances, a certificate can be acquired from another CA (who are already set up to accept money).

2 Likes

Related: Paying your way out of rate limits

2 Likes

If you have 1 website/app and 1 domain, yes, it is complicated to reach the limit.
If you have one organization domain with dozens of apps in the cloud in subdomains or subdomains of subdomains, each with its own certbot and thus its own certificates, it becomes easier to reach the limit.

There is an idea to stop counting renewals for rate limits, so you don’t have to sync them with the creation of certificates for new domains: University Issue Rates

3 Likes

I think the idea of not counting renewals for the rate limits is a great idea and would solve many limit issues.

However, I still think it is important to have a solution for disaster scenarios to cover 100% of cases; as Murphy’s law says, whatever can go wrong will go wrong.
What if you lose your letsencrypt folders with all your certificate files from several servers and need to recreate them all at once?
What if a malicious attacker makes you intentionally reach your rate limit?

As _az said, in such a disaster case you have no other solution but to pay a hefty price by going temporarily to another CA, only to come back to Let’s Encrypt one week later. I’d rather give my money to Let’s Encrypt, who deserve it, than to a third-party CA.

If the monetary solution is not workable for understandable ideological reasons, we could imagine, instead of payment, a set of several captchas or various automated solutions to verify it’s not a bot but a legitimate user.

There is always the possibility to switch to another ACME-compatible CA in such an event: Automatic Certificate Management Environment - Wikipedia

5 Likes

If that happens, you should reconsider your backup strategy.

Let's Encrypt advises renewing 30 days before the expiration date of the certificate. I.e., in the worst-case scenario, one month of time to detect the attacker (who should be detected within no time, of course): enough time to wait 7 days and after that 3 weeks to renew.

And again, backup, backup and backup.

3 Likes

Unless 5 duplicate certificates have already been issued and lost within the last week, you can just issue more.

(And the duplicate certificate limit can be worked around if the certificates per domain limit hasn't also been reached.)

2 Likes
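As an added example (not code from any post in this thread), the two sliding-window limits the replies reason about, 50 certificates per registered domain per week and 5 duplicate certificates per week, modelled as a planning check an operator can run against an issuance log before creating or renewing a batch of subdomain certificates; the "stop counting renewals" idea is modelled by the `renewals_exempt` flag. The timestamps, hostnames and the two-label registered-domain rule are constructed assumptions, not Let's Encrypt's implementation.

```python
from datetime import datetime, timedelta

WEEK = timedelta(days=7)
CERTS_PER_REGISTERED_DOMAIN = 50  # thread: 50 certificates per week
DUPLICATE_CERTS_PER_WEEK = 5      # thread: 5 duplicate certificates per week


def registered_domain(name):
    """Two rightmost labels; assumption: no public-suffix-list handling."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def check_issuance(history, names, now, renewals_exempt=False):
    """Would a certificate for `names` be blocked by the two 7-day windows?
    `history` holds (issued: datetime, names: iterable[str]) per past cert.
    Returns (allowed, reason, retry_at); retry_at is when the oldest
    blocking certificate ages out and one more issuance becomes possible."""
    wanted = frozenset(n.lower() for n in names)
    regs = {registered_domain(n) for n in wanted}
    in_window = lambda t: now - WEEK < t <= now

    # Duplicate limit: the exact same set of names within the window.
    dups = sorted(t for t, ns in history
                  if in_window(t) and frozenset(n.lower() for n in ns) == wanted)
    if len(dups) >= DUPLICATE_CERTS_PER_WEEK:
        return False, "duplicate certificate limit", dups[-DUPLICATE_CERTS_PER_WEEK] + WEEK

    # Per-registered-domain limit.  A renewal is a request whose exact name
    # set was issued before; renewals_exempt models the "stop counting
    # renewals" idea raised in the thread.
    seen, counted = set(), []
    for t, ns in sorted(history, key=lambda h: h[0]):
        ns = frozenset(n.lower() for n in ns)
        is_renewal = ns in seen
        seen.add(ns)
        if not in_window(t) or not regs & {registered_domain(n) for n in ns}:
            continue
        if not (renewals_exempt and is_renewal):
            counted.append(t)
    if len(counted) >= CERTS_PER_REGISTERED_DOMAIN and not (renewals_exempt and wanted in seen):
        return False, "certificates per registered domain limit", counted[-CERTS_PER_REGISTERED_DOMAIN] + WEEK
    return True, "ok", None


# Constructed sample data: the thread's "dozens of apps in subdomains" case,
# plus five same-name reissues that trip the duplicate limit.
NOW = datetime(2024, 1, 8, 12, 0)
SAMPLE_HISTORY = [(datetime(2024, 1, 2) + timedelta(hours=i), [f"app{i}.example.org"]) for i in range(50)]
DUP_HISTORY = [(datetime(2024, 1, 3) + timedelta(hours=i), ["www.example.net"]) for i in range(5)]

if __name__ == "__main__":
    print(check_issuance(SAMPLE_HISTORY, ["app50.example.org"], NOW))
    print(check_issuance(SAMPLE_HISTORY, ["app0.example.org"], NOW, renewals_exempt=True))
```

Run against a real issuance log, the `retry_at` value tells you the earliest moment a blocked batch can proceed, which is the figure the "3 weeks left before expiry" reasoning above depends on.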

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.