@SamirNassar-idealo, have you confirmed with Let’s Encrypt staff that your rate limit was increased? Is it possible that your rate limit increase applies only to one specific ACME account, which might not be used by this particular client instance? Sometimes Let’s Encrypt rate limit increases are tied to accounts, not just domains.
:\ cert-search should show all the certificates for the Registered Domain within the 7 day window, subdomain or not. If it isn't, I need to know about it, but I can't see an obvious omission (yet).
FWIW sahsanu's perl script agrees that the current count is 35. So either there have been new certificates created not yet logged, OP's rate limit result is stale (i.e the window is lapsing, which I find to be likely since in the last couple of posts it's gone down from 42->35) or OP's rate limit got accidentally lowered to 35.
For one, the %domain pattern can result in false matches. e.g. it matches crt.sh | 1148815275 because of:
DNS:aidealo.com
The better pattern would be domain.com || %.domain.com but crt.sh's web interface doesn't permit that query.
cert-search also uses %domain but it then also parses the certificate DER to confirm that each certificate actually features that Registered Domain, according to PSL rules.
Hi @SamirNassar-idealo we did indeed raise your limits for the ACME account ID you requested (plus a little more per the confirmation e-mail!). I sent you an e-mail back - do you think perhaps we have the wrong ACME account ID? Here’s more information on how to find that: https://letsencrypt.org/docs/account-id/
Also suggested to make the limit a lot higher than you originally thought you would need for the ACME account ID that you previously gave. Happy to do that as well.
Hello @jple, between your response and the weekend I started thinking that there is something wrong on our end. It appears that I had the account-ID from a previous start and not the consolidated account-ID. I will verify this on our side and send you an update today.
Higher limits are always nice, but I don’t believe we need them at this stage and I want to solve the problem first before LE staff have to be involved.
I will also be filing a Ticket internally to make sure we track the account number in our logs, this would have been a good idea to have from the get-go.
Hello @jple and @lestaff we are still hitting the API limits of 50 new certificates per week. We thought we would have the limit raised by Friday and it has not happened.