Certificate Authority Error: ID (429) in 3CX

Dear Let's Encrypt Team,

We have encountered an issue related to the 3CX Call Center software.

Due to frequent Backup and Restore operations on our 3CX software, we are encountering a Certificate Authority Error from Let's Encrypt, which is now displaying a message indicating that we need to wait until the counter is adjusted, as shown in the image.

We would like to know how many days it will take for the counter adjustment to complete.

Error Code : Certificate Authority Error: ID (429)

My domain is: https://supersevenstars.3cx.asia/

Could you let me know the counter time for this error code, or could you help to unblock this counter time?

Best Regards,

Naw Say Lar
Product Manager
BIM Engineering Solutions Co., Ltd

That isn't overridable, but it can be somewhat bypassed by adding some other domain name to the certificate request.
But why don't you have the old certificate/pkey if you did do the backup?

2 Likes

Then you also should have backed up and restored the certificate. Destroying and reissuing a perfectly fine certificate is wasteful.

Please do better.

The rate limits are a so-called 'sliding window'; the duplicate rate limit you're hitting has a window of 7 days.

2 Likes

This limit refills one extra cert every 34 hours. See details of this rate limit here: https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-identifiers

The exact error from Let's Encrypt includes the date/time after which a new try may succeed. Your ACME Client has replaced the LE message with one of its own. You may want to ask them how you can view the original message.

That said, I fully agree with my fellow volunteers that your process is flawed. There should be no reason to be creating (many) new certs after a routine backup restore. A properly designed method should not be affected by this rate limit.

2 Likes

This error may be covered in your support community: 7 Day wait for FQDN | 3CX Forums

If you will be issuing many certs under one apex domain (3cx.asia) you still need to apply for rate limit increases with Let's Encrypt because there is a limit of 50 certs per domain: Rate Limits - Let's Encrypt

My suggestion would be that you perform the certificate order outside your call centre software, store the certificates and keys in a secrets vault (e.g. HashiCorp Vault or Azure Key Vault etc.), then pull them on startup/restore of your service and then periodically while the service is running.

I would also suggest allowing for CA fallback to alternative certificate authorities, to allow for availability, account or rate limit problems.

That way your certificates will only be renewed when they are approaching expiry, you will reduce the likelihood of hitting a rate limit for duplicate certs and you will always have your certs available when you need to restore them in a deployment.
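A sketch of the restore-time decision described in this thread, added here as an example and not code from any poster, 3CX or Let's Encrypt: reuse the backed-up certificate while it is far from expiry, and otherwise estimate from a locally kept issuance ledger when another order for the same name set should fit the duplicate-certificate limit. The function names, the ledger, the 30-day renewal margin and the sample dates are assumptions of this example; the burst of 5 comes from the Let's Encrypt rate-limit documentation linked above, and the date in the CA's own error message remains authoritative.

```python
from datetime import datetime, timedelta, timezone

BURST = 5                          # certs per exact identifier set (linked LE docs)
REFILL = timedelta(hours=34)       # one cert back every 34 hours (from the thread)
RENEW_BEFORE = timedelta(days=30)  # assumed renewal margin, not from the thread

def earliest_order(issued, now):
    """Earliest time another order for the same identifier set should fit.

    The bucket is tracked as a 'full again at' timestamp: each issuance
    pushes it REFILL later, and one more order fits once that timestamp
    is at most (BURST - 1) * REFILL in the future.
    """
    full_at = None
    for t in sorted(issued):
        full_at = (t if full_at is None else max(full_at, t)) + REFILL
    if full_at is None:            # nothing issued yet: bucket is full
        return now
    return max(now, full_at - (BURST - 1) * REFILL)

def plan_restore(stored_not_after, issued, now):
    """Decide what a restore run at `now` should do.

    stored_not_after: expiry of the certificate found in the backup or
    vault, or None if the backup did not include one.
    Returns ("reuse", None), ("order", None) or ("wait", retry_time).
    """
    if stored_not_after is not None and stored_not_after - now > RENEW_BEFORE:
        return ("reuse", None)     # restored cert is fine; no CA request at all
    when = earliest_order(issued, now)
    if when <= now:
        return ("order", None)
    return ("wait", when)

# Constructed sample: five restores on one day, each of which ordered a new cert.
UTC = timezone.utc
ISSUED = [datetime(2024, 1, 9, h, tzinfo=UTC) for h in range(5)]
NOW = datetime(2024, 1, 10, tzinfo=UTC)

if __name__ == "__main__":
    print(plan_restore(None, ISSUED, NOW))                              # no cert in backup
    print(plan_restore(datetime(2024, 4, 8, tzinfo=UTC), ISSUED, NOW))  # cert restored
```

With the constructed ledger, a restore without the certificate has to wait, while the same restore with the backed-up certificate never contacts the CA.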