Error creating new order :: too many new orders recently

So creating multiple certificates was a result of re-creating "proxies" (in otherwords a domain) in the NPM system if the previous attempt failed. Along with creating the proxy it also attempts to register a new certificate to that domain.

We will be mitigating that issue, but that still doesn't explain how we came anywhere remotely close to a rate limit with only 8 domains attempted on a single day.

I don't know enough about NPM to give advice other than you should check with their support. You need to find a way to track all possible ACME requests.

Something almost certainly is going wrong in your request flows. Maybe something is reissuing requests when it shouldn't. So far I have seen a misbehaving system getting stuck with a rate limit.

The odds of that being a Let's Encrypt bug in its rate limiter is extremely unlikely in the first place. And, we would be seeing lots more failure reports if there was such a bug. Maybe you are the first of many but LE has its own "health checks" and other large providers have them too. We haven't seen any other reports than yours.

4 Likes

The relevant rate-limit isn't based on the number of domain names, but the number of new orders, as @MikeMcQ has already indicated. If you make 500 certificate requests within 3 hours for even a single domain name, you'll hit the New Orders rate-limit.

You can create a maximum of 300 New Orders per account per 3 hours. A new order is created each time you request a certificate from the Boulder CA, meaning that one new order is produced in each certificate request. Exceeding the New Orders limit is reported with the error message too many new orders recently.

4 Likes

Okay were will be looking into these issues more thoroughly. Thank you for all your help everyone.

3 Likes

A post was split to a new topic: Need help getting cert

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.