Help needed unblocking IP

svcuser · June 19, 2018, 6:42am

Hi all,

I’m running cert-manager on our Kubernetes cluster which requests for a LE cert every time a new feature branch is created.

Previously we were on 0.2.0 and I think we hit the domain limit as we have quite a number of feature branches.

Unfortunately it appears that cert-manager keeps re-requesting and it hit some kind of IP block.

Now I see the following error when we describe the issuer.

  Warning  ErrVerifyACMEAccount  1m (x11 over 2m)   cert-manager             Failed to verify ACME account: acme: urn:ietf:params:acme:error:rateLimited: Your IP, 52.x, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org
  Warning  ErrInitIssuer         1m (x11 over 2m)   cert-manager             Error initializing issuer: acme: urn:ietf:params:acme:error:rateLimited: Your IP, 52.x, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org

Would like to request for an unblock so that we can test the upgraded cert-manager which should (hopefully) reduce the limit by using wildcard certs.

Thanks!

Not very comfortable sharing the actual ip here, how can we securely send this?

mnordhoff · June 19, 2018, 7:04am

The “ridiculously excessive traffic” rate limit isn’t about, like, getting a couple too many certificates. It’s about… ridiculously excessive traffic. Likely multiple requests per second. All the time.

Here’s the cert-manager bug:

What did you upgrade to? 0.3.0 may behave better, but 0.2.4 doesn’t.

You can probably email or private message your IP address to one of the Let’s Encrypt staff. I hope they’ll chime in in this thread.

svcuser · June 19, 2018, 7:40am

Yeah I suspect it was due to cert-manager attempting to retry getting certificates and because we have quite a number of branches, it repeats itself quite a bit.

Hopefully we can get unblocked soon.

cpu · June 19, 2018, 2:38pm

What version of cert-manager have you upgraded to?

svcuser · June 20, 2018, 2:11am

v0.3.0.

Is there anyone I can contact privately to send my IP?

stevenzhu · June 20, 2018, 3:06am

You could talk with @cpu

cpu · June 20, 2018, 1:40pm

Great - You can email the affected IP addresses to cpu @ letsencrypt.org (or send a forum DM)

system · July 20, 2018, 1:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.