How to deal with too many new orders recently error

Thesix · June 9, 2020, 6:41pm

My domain is: mur.at (and many more)

I ran this command: using letsencrypt inside traefik proxy

It produced this output: too many new orders recently

My web server is (include version): traefik v2.2

The operating system my web server runs on is (include version): Debian 10.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): traefik uses lego for ACME certificate handling

We moved 230 webservers (Subdomains of mur.at and 78 others) to a new docker host. For some reason (proxy restart?) we only managed to get 4 certificates before we hit the rate limit too many new orders recently. How can we get out of this mess? We contacted let’s encrypt before hand and received an increased weekly limit for the procedure we started today, but we have overlooked the limit we hit now

Cheers,
j.

Osiris · June 9, 2020, 6:51pm

Also move the certificates and private keys when you moved your webservers?

jillian · June 9, 2020, 6:58pm

That rate limit runs over a 3 hour window. You can read more about it here, specifically:

For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours. A new order is created each time you request a certificate from the Boulder CA, meaning that one new order is produced in each certificate request. Exceeding the New Orders limit is reported with the error message too many new orders recently .

I also suggest reviewing the integration guide and determining if you need a separate rate limit override which you can request through the same method of your previous one.

Thesix · June 9, 2020, 7:42pm

No, we didn’t they were (are) in a different format and we were too lazy I guess …

Thesix · June 9, 2020, 7:45pm

I guess I will have to take this to the traefik devs. There is no smart way to slow down traefik in its attempt to get certificates. We added a delay parameter to the dnschallenge now and hope that this will improve the situation. Meanwhile we got another 89 certificates but then the errors started popping up again.

Thesix · June 10, 2020, 11:20am

Errors are gone now the problem resulted partly in domains where DNS updates failed. The proxy we use (traefik) tried to order certificates for domains with errors too often/too frequent and hence the number of orders exploded.

system · July 10, 2020, 11:20am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.