Blocked due to ridiculously excessive traffic


#1

Hello,

Firstly, I have received the same “blocked due to ridiculously excessive traffic” error.

I also received this email from Jacob some time ago:

I’m an engineer at Let’s Encrypt. From our logs, it looks like you may be running an outdated kube-lego or cert-manager instance that is generating extremely high traffic to Let’s Encrypt’s servers. We’ve worked with Jetstack, the maintainers of kube-lego and cert-manager, to release an update to each of those packages. If you are using either of those tools, please update to the latest version, which will reduce the amount of traffic you are sending to Let’s Encrypt.

I have (finally) made this change, I’m sorry it took so long. The kubernetes cluster is now running cert manager v0.4.0. However it seems cert-manager is has now been blocked with the “blocked due to ridiculously excessive traffic” error.

I saw this error myself on the cluster, but then I deleted the cert-manager pod and the error did not get redisplayed. However, all requests are failing with the error “Issuer letsencrypt not ready”. I assume this means my IP has been blocked.

Some domains I have requested certs for are:

The email for my account is the same as my email address for community.letsencrypt.org.

Any help you can provide would be very welcome indeed.

Many thanks,

Adam


#2

Hi,

The block are placed on IP, instead of domains…

Please email / pm the details & affected IP address to @cpu or cpu@letsencrypt.org

Thank you


#3

As different Let’s Encrypt staff members may handle this issue at different times, I would suggest inviting the Let’s Encrypt staff to comment on forum threads rather than providing users with a suggested individual contact.


#4

Just curious, is there an let’s encrypt staff group that I can directly mention? ( Instead of individual users)

For example: @admin / @staff ( but excluding discorse staff)


#5

@stevenzhu Thank you, I have now done this.

@schoen Sounds very sensible to me. In absence of any alternative route available to me I emailed cpu@letsencrypt.org.


#6

Hi @adamcharnock,

I’ve opened a ticket to unblock your IP and will update this thread when the change is live. Thanks for addressing the problem!


#7

That would be useful! I’ll ask about that.


#8

Hey @cpu, has there been any news on this? It would be great to get this particular site up before the weekend. Thank you!


#9

Hi @adamcharnock

I believe the unblock is scheduled to be processed this morning (pacific time).


#10

@cpu Amazing, thank you! :tada:


#11

The block has been removed in production. Thanks for your patience @adamcharnock!


#12

For future kubernetes / cert manager users, I also had the problem that my ClusterIssuer needed updating to the LetsEncrypt V2 API.

$ kubectl get clusterissuers
.... 
$ kubectl describe clusterissuer letsencrypt
... look in the status section for any errors ...

This was the cause of the “Issuer letsencrypt not ready” error.


#13

Also, thank you very much for the help @cpu et al!


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.