Automatic renewal interfering with new certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
facetbase.nl

I ran this command:
SAN certificate for all bindings of multiple IIS sites

It produced this output:
+Response from server:
+ Code: 429
+ Content: {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new cert :: too many certificates already issued for: facetbase.nl",
"status": 429

After some searching I found these posts: Clarification of rate limiting in Documentation / Rate Limits & Hitting rate limit after renewing certs

Our problem is we have auto-renewal active, whilst also trying to get new certificates.
According to the information inside the linked posts it should be possible for us to create 20 new certificates each week, if we do this before any renewals. This interferes with automatic renewal and is a counterintuitive way of managing our certificates, since we have to make somebody available to manually execute renewals.

This problem has been going on for some time and we’ve already filled in the rate limiting form to request a higher limit, but received no response of any kind (first time was a few months ago, second time was yesterday).

Increasing the rate limit for our domain would temporarily fix our problem, however the main problem is automatic renewals taking up spots of our new certificate requests.

This is a known issue, and has been addressed previously (but only shortly unfortunately): Rate limit update: removal of renewal and new-issuance ordering constraints

While Let's Encrypt has recognised this problem, for some reason as mentioned in the above thread, it wasn't possible to be able to circumvent it.

The issue on GitHub about this problem has been reopened accordingly: Improve renewal rate limiting · Issue #2800 · letsencrypt/boulder · GitHub

1 Like
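The ordering effect described in the first post, replayed against a simplified model (an added example, not part of the original thread and not Let's Encrypt's own code). It assumes a sliding 7-day window, the limit of 20 quoted above, that a renewal is a request for exactly the same set of names as an existing certificate, and constructed hostnames and dates.

```python
from datetime import datetime, timedelta

LIMIT = 20                   # certificates per registered domain per week (figure from the thread)
WINDOW = timedelta(days=7)   # assumed sliding window

def simulate(existing, requests, limit=LIMIT):
    """Replay issuance requests against a simplified model of the limit.

    existing: name sets that already have a certificate, so a request for
              the same set counts as a renewal.
    requests: chronological list of (datetime, list of hostnames).
    Returns one (kind, accepted) tuple per request.
    """
    known = {frozenset(n) for n in existing}
    issued_at = []           # timestamps of every certificate issued in the replay
    outcome = []
    for when, names in requests:
        names = frozenset(names)
        in_window = sum(1 for t in issued_at if when - t < WINDOW)
        renewal = names in known
        # Renewals skip the check, but still occupy a slot once issued.
        accepted = renewal or in_window < limit
        if accepted:
            issued_at.append(when)
            known.add(names)
        outcome.append(("renewal" if renewal else "new", accepted))
    return outcome

def rejected_new(outcome):
    """Number of new-certificate requests that would receive a 429."""
    return sum(1 for kind, ok in outcome if kind == "new" and not ok)

def schedule(batches, start=datetime(2018, 1, 1)):
    """Space requests one hour apart from a constructed start date."""
    return [(start + timedelta(hours=i), names) for i, names in enumerate(batches)]

def demo():
    old = [[f"site{i}.example.test"] for i in range(15)]   # constructed: due for renewal
    new = [[f"new{i}.example.test"] for i in range(10)]    # constructed: never issued
    renew_first = rejected_new(simulate(old, schedule(old + new)))
    new_first = rejected_new(simulate(old, schedule(new + old)))
    return renew_first, new_first

if __name__ == "__main__":
    print("rejected new certs (renewals first, new first):", demo())
```

With 15 renewals and 10 new certificates in the same week, running the renewals first leaves only 5 free slots, while issuing the new certificates first lets all 25 requests through.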

Since the last response from the side of Let's Encrypt on this issue was posted in September, I’m not expecting this to be fixed quickly.

Is there any other way to increase our rate limit?
The request form doesn’t really seem to be working.

Being added to the Public Suffix List will allow you to go past the 20 certificate/week limit, but I am not sure whether your domain/org qualifies. Maybe worth checking.

1 Like

Note: requesting addition to the PSL just for the Let’s Encrypt rate limits isn’t a good reason :stuck_out_tongue:

1 Like
