(following up from email)
Just to double-check: You've read the rate limit docs?
We're completely jammed up on pending auth (see the attachment). I just tried to manually fire a request off, and it threw the same error. The pending auth limit is too low for our needs. Even with the improved code I'm working on, I'm 100% confident it will fail in the future with the current limit, causing a one-week site downtime. I can't safely move forward without addressing it, which is why I'm putting in this request.
If you wind up with a large number of pending authz's, your code is "leaking" authz's somewhere and you need to find the leak. To get out of pending authz state, you can find the old authz's that you've leaked and POST the challenge completion to them as you would normally do. This will send them into a valid or invalid state, which removes them from the pending category.
Our site is completely open source, so our implementation code is here (sans the stale domain record checking code, push to github is pending): https://github.com/neocities/neocities/blob/master/workers/lets_encrypt_worker.rb
Looks like you're using a Ruby library called Acme, but it's not immediately obvious where that comes from. Can you link the source for that, and tag in the library's author if they're on this forum? It sounds like it might be that library that is leaking the authz's.
Let me know how I can provide you with an ID. Will a public key derived from our private key suffice?
The URL returned from /acme/new-reg, of the form https://acme-v01.api.letsencrypt.org/acme/reg/123, is your ID. If this is not exposed by your client library, file an issue requesting it.
Also, to clarify: In this thread it sounds like all of your domains are of the form example.neocities.org, but reading your code it sounds like you host arbitrary domains. Should I assume it's a little of both?
Thanks,
Jacob