Hit Rate Limit, can it be increased for this domain?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dev.aks.commure.com, api.dev.aks.commure.com

I ran this command: I was deploying and ran into other issues that didn’t start and so accidentally kept reissuing certs.

It produced this output: Failed to finalize order: acme: urn:ietf:params:acme:error:rateLimited: Error finalizing order :: too many certificates already issued for exact set of domains: api.dev.aks.commure.com: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Rate limit increases are for long term legitimate needs and aren’t provided to work around these kinds of situations. In any case, they take longer to be granted than the length of the rate limit, so it wouldn’t help you.

You can work around the problem by including an additional domain on the certificate, which will cause it to be categorized under a different rate limit bucket.

Rate Limit Current Status Domain
50 Certificates per Registered Domain per week OK (14 / 50 this week.) commure.com
5 Duplicate Certificates per week Limit exceeded. Next issuable at 2018-09-28T17:03:01.000Z dev.aks.commure.com
5 Duplicate Certificates per week Limit exceeded. Next issuable at 2018-09-28T17:02:59.000Z api.dev.aks.commure.com

Summary generated at https://tools.letsdebug.net/cert-search?m=domain&q=api.dev.aks.commure.com&d=168 .


#3

Hi @minggfeng

additional:

there is a testsystem you should use. The test / stage - system has it’s own limits. They are higher.

The Issuer is “Fake LE”, so you can’t use these certificates productive. But to test the communication with Letsencrypt - it works.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.