Getting 429 rate limit on domain with less than 20 certs in past week

heng · August 7, 2018, 12:37am

This is for domain yale.edu

Based on crt.sh, we’re not seeing that we are definitely below the rate limit on certs issued for that domain - https://crt.sh/?q=%.yale.edu

However, we’re getting a 429 error when we are attempting to issue a cert for a subdomain on yale.edu using letsencrypt-express v2.0.5 :

2018-08-07 00:11 +00:00: { type: 'urn:acme:error:rateLimited',
  detail: 'Error creating new cert :: too many certificates already issued for: yale.edu: see https://letsencrypt.org/docs/rate-limits/',
  status: 429 }

Any ideas?

mnordhoff · August 7, 2018, 12:53am

crt.sh has been backlogged recently. It probably has an incomplete picture of certificates issued in the last week.

Google’s CT search site should be more up-to-the-minute but it’s harder to work with:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:yale.edu;issuer_uid:4428624498008853827&lu=cert_search

heng · August 7, 2018, 3:52am

Thanks mnordhoff, I’ll work with that instead and see if I can figure out where these certs are issued from

schoen · August 7, 2018, 9:38pm

Also, universities can often get a Let’s Encrypt rate limit increase relatively easily, so you might also want to get in touch to request that the rate limit be increased.

system · September 6, 2018, 9:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.