Help understanding rate limit expiry

samuelalexmclean · September 3, 2020, 5:32am

My domain is 66c.dev. I’ve been trying to debug some problems with the Home Assistant extension and propagation delays (targeting prod instead of dev, I know, stupid) and now I’m getting the following error:

Plugins selected: Authenticator dns-google, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.66c.dev: see https://letsencrypt.org/docs/rate-limits/

I think I need to wait a week until I can try again, which is a huge pain, but I don’t know how to interpret this:

Can anyone help me understand when I’ll be able to start up again?

JuergenAuer · September 3, 2020, 5:48am

Hi @samuelalexmclean

why do you want to create the next certificate if you have already created 5 identical certificates?

Use one of these 60 - 85 days, then create the next.

There is no need to create a new certificate.

No, it's not required to create so much certificates. That's not free.

CT-logs sometimes slow.

PS: If you want to test something: Use the test system, not the productive system.

_az · September 3, 2020, 5:53am

Indeed. You can get a more precise date here.

Keep in mind there are other free ACME CAs (Buypass, ZeroSSL) you can use if you have blown through your production Let's Encrypt rate limits.

samuelalexmclean · September 3, 2020, 6:16am

Thanks guys!

why do you want to create the next certificate if you have already created 5 identical certificates?

I'm not worried about making my domain work (and as you correctly deduced, it works fine). The issue is that cert issuance is flakey because of propagation delay + a weird bug in the plugin I'm using (for Home Assistant). I was trying to fix this and work out what a sensible delay was, which meant deleting and reinstalling the plugin from a clean state (five times, it would seem). And I'm sure I had it fixed this time, too

No, it’s not required to create so much certificates. That’s not free.

I should have been clearer - my pain here is not that LE or Certbot, two amazing free services, are enforcing entirely reasonable rate limits. It's that I didn't read the docs (let's be honest, who does when things are working) and am now stalled for a week.

Keep in mind there are other free ACME CAs you can use if you have blown through your production Let’s Encrypt rate limits.

Good thinking! This should unblock my development until next weekend.

griffin · September 3, 2020, 6:58am

Or you could just use the staging servers for Let’s Encrypt in order to test your process before actually issuing real certificates…

_az · September 3, 2020, 7:19am

OP already apologized in the original post, no need to berate them .

I forgot to mention, if you want a wildcard, I don't think that Buypass will do it on their free ACME, but ZeroSSL will (but requires a free signup to get your Certbot EAB credentials).

griffin · September 3, 2020, 7:24am

@_az

I didn’t realize that’s what he meant. My bad. I was wondering why it hadn’t been suggested. Figured @samuelalexmclean just wasn’t aware of the staging servers.

By the by, why such a strong push towards ZeroSSL?

system · October 3, 2020, 7:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.