Help needed unblocking IP


#1

Hi all,

I’m running cert-manager on our Kubernetes cluster which requests for a LE cert every time a new feature branch is created.

Previously we were on 0.2.0 and I think we hit the domain limit as we have quite a number of feature branches.

Unfortunately it appears that cert-manager keeps re-requesting and it hit some kind of IP block.

Now I see the following error when we describe the issuer.

  Warning  ErrVerifyACMEAccount  1m (x11 over 2m)   cert-manager             Failed to verify ACME account: acme: urn:ietf:params:acme:error:rateLimited: Your IP, 52.x, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org
  Warning  ErrInitIssuer         1m (x11 over 2m)   cert-manager             Error initializing issuer: acme: urn:ietf:params:acme:error:rateLimited: Your IP, 52.x, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org

Would like to request for an unblock so that we can test the upgraded cert-manager which should (hopefully) reduce the limit by using wildcard certs.

Thanks!

Not very comfortable sharing the actual ip here, how can we securely send this?


I get cert Limit, but i didin't create new certs
#2

The “ridiculously excessive traffic” rate limit isn’t about, like, getting a couple too many certificates. It’s about… ridiculously excessive traffic. Likely multiple requests per second. All the time.

Here’s the cert-manager bug:

What did you upgrade to? 0.3.0 may behave better, but 0.2.4 doesn’t.

You can probably email or private message your IP address to one of the Let’s Encrypt staff. I hope they’ll chime in in this thread.


#3

Yeah I suspect it was due to cert-manager attempting to retry getting certificates and because we have quite a number of branches, it repeats itself quite a bit.

Hopefully we can get unblocked soon.


#4

What version of cert-manager have you upgraded to?


#5

v0.3.0.

Is there anyone I can contact privately to send my IP?


#6

You could talk with @cpu


#7

Great :+1: - You can email the affected IP addresses to cpu @ letsencrypt.org (or send a forum DM)


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.