Can the rate limit be reset?


#1

Hi,

I accidentally didn’t use the staging environment while developing my certbot app and have recently reached the rate limit. As a first time offender, is there any way I can get the rate limit reset for tmnt-sandbox.ga instead of having to wait the 7 days? I really do want to be able to continue working on this.

Thanks,

Leif


#2

Unfortunately, no. See https://letsencrypt.org/docs/rate-limits/, specifically:

If you’ve hit a rate limit, we don’t have a way to temporarily reset it. You’ll need to wait until the rate limit expires after a week. We use a sliding window, so if you issued 10 certificates on Monday and 10 more certificates on Friday, you’ll be able to issue again starting Monday. You can get a list of certificates issued for your registered domain by searching on crt.sh, which uses the public Certificate Transparency logs.

Revoking certificates does not reset rate limits, because the resources involved in issuing the certificates have already been used.

Now, depending on which limit you hit (duplicate certificates, specifically) you might be able to get around this by adding an additional name to the certificate, and thus no longer having it be a duplicate. Note that the example in the quote above is specific to the 20 certificates per registered domain limit. I would recommend working in staging until you have this working, as staging has separate and much higher rate limits.

Additionally, encountering a rate limit indicates that you already have several certificates. Why can’t you use one of these.


#3

Unless you hit the failed validation rate limit, but that expires after an hour.


#4

Hi @jared.m thanks for your detailed explanation. I will check and see if I hit a duplicate certificate limit - most likely did. The issue I am facing is that I set up certbot inside a docker container and stupidly did not map the certificate out over a volume to the host machine. When re-initializing the environment, the certificate was lost. Anyways live and learn. Will give the additional name trick a go. Thanks very much for all your help.


#5

Hi @leifdejong

you have created 5 identical certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:tmnt-sandbox.ga&lu=cert_search

oldest 2018-08-03, last three yesterday. So you can create the next 2018-08-10.

Or use the testsystem. If you are developing a certbot app, you may be the only user. So you can add the Fake root and work with the test environment.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.