Detecting Current Usage to Prevent Rate Limiting Errors

Hello,

We use Lets Encrypt to back up our clients’ instances. Every customer of us gets a subdomain for his cloud. The subdomain is backed up with Lets Encrypt. This week we had many orders, and now the new clouds are no longer encrypted with Lets Encrypt.

I would now like to determine whether it is at the limit of 20 per domain.

My questions:

  • Is there a possibility to see if I am at the limit?
  • Can I buy a higher limit?

Thanks for Help

The only way to know for certain is to go through the regular certificate issuance process and see if it fails with a urn:ietf:params:acme:error:rateLimited error.

To get an approximate result, you can also query Certificate Transparency servers through something like crt.sh. This is essentially a public log of all certificates issued by Let’s Encrypt (and other CAs). Note that it is not real-time, it can take a few hours for new certificates to show up, so it’s not entirely accurate.

You can request a rate limit increase here if you meet the criteria listed on that page. There’s no payment requirement, though I’m sure any donations would be appreciated. :smile:

1 Like

There is also a tool to automate this calculation:

It has the same limitation that the underlying data source is not updated in real time, so the information could potentially be out of date.

Also, the rules about renewals and rate limits are a little bit counterintuitive. If you’re able to control the timing of new requests as well as renewals, you should try to ensure that new requests are always processed before renewal requests.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.