Domain Ratelimit not counting renewals?


#1

Hi, we have several sub-domains and renew them regularly. As far as we can tell, most of them should be counted as renewals and go back for a year or more (renewed every 60 days). However the API is telling us we have too many certificates issued. Is the renewal limit exception functioning?

My domain is: 18f.gov

I ran this command: acme renew

It produced this output: “too many certificates already issued for: 18f.gov


#2

Hi @sharms,

The treatment of renewals for rate limit purposes has changed twice, so I’m sorry if you received out-of-date information at some point.

Currently (and originally), renewals are counted against the rate limit but not blocked by it. Therefore, the order of certificate requests matters and you need to do new issuances prior to renewals. We’ve been hoping to change this to remove this limitation, but there are a number of other CA development priorities right now (like ACMEv2 and wildcards) and so this hasn’t taken center stage.


#3

Hi sharms! I reached out to you via DM to see if we can help at all.

Thanks so much for using Let’s Encrypt!

-JP


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.