We are running into rate limitting issues when trying to create certs in dev.flatiron.io
We use a wild card certificate *.flatiron.io and are deplying cert manager on kubernetes. Can we update our rate limit to be greater than the default? Perhaps 100?
Hi! Below is my error:
82s Warning OrderFailed certificaterequest/immuta-dev-letsencrypt-tls-xfd6r Failed to wait for order resource "immuta-dev-letsencrypt-tls-xfd6r-3358397139" to become ready: order is in "errored" state: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates already issued for exact set of domains: immuta.dev.flatiron.io: see https://letsencrypt.org/docs/rate-limits/
You've been wasting Let's Encrypt resources for quite some time now:
Especially since July this year (but even before that) there are many, MANY duplicate certificates for all kinds of subdomains of your domain name. Sometimes just a few, sometimes A LOT of duplicates.
This is poor usage of a free service IMO and frankly, to me this is abuse of the service. Every certificate issued costs Let's Encrypt resources. Not only at the moment of issuance, but the entire lifetime of the certificate OCSP responses have to be signed, adding load to the Hardware Security Modules. More load means more resources means more money to spend. And that for a company solely running on sponsorships and donations.
Please stop your abuse and store any issued certificates on a persistent storage, so you only have to issue them once.
I think many people simply don't realize this, because they don't understand the role of HSMs. While the Rate Limits page mentions this, it's still fairly common for people to put automated issuance into a non-persistent container, without really meaning any harm.
@griffin, did you say you were working on a revision to the rate limits documentation? Can you think of anywhere that Let's Encrypt could better communicate that, while certificates are free of charge, people ought to avoid wasteful (especially duplicative) issuance?