Lets encrypt quota monitoring

Hi,

It would be great if there was an API for monitoring the quota status of LE account.
We use LE to issue certificates to our users, and we would like to get alert (or develop a tool that will invoke an alert ) once our account is about to reach the quota limit.

Is there any API that expose this information?

Thanks

3 Likes

Hi @cojalvo

I don't think there is an API. And I don't see such an API is required.

There are three main limits:

Failed authorizations -> should not happen, misconfiguration. Happens if users ignore the message and try it again, again, again - oh, I am blocked.

Same with the duplicated certificate limit - 5 identical certificates per week. Users create a new certificate, the installation doesn't work, they don't restart the webserver -> they create the next, next, next.

The "max. 50 certificates per domain / week": Not really relevant.

So if an API sends a message (after 4 certificates) - users try it again -> next block.

Thanks for your response.

I will explain our need…

I’m from IBM and I’m a developer at the “Certificate manager service” of IBM cloud.
In our service we let the users order a certificate from LE. We use a single LE account for all of our users.
As part of the cooperation, we got a special quote limit which is quite enough to satisfy our needs. However, we need to track our quota state and be able to get alerts if we are about to reach the quota limit. in such case, we will get a PD alert to prevent downtown of the order certificate feature and we will ask from LE to increase the quota.

Thanks

1 Like

Hi @cojalvo,

We’ve had other threads about this on the forum and @JuergenAuer is right that Let’s Encrypt has not implemented this feature at all. We can ask @lestaff if there’s any prospect of doing so.

Right now the closest you could come is monitoring a Certificate Transparency log and calculating the quota state for yourself based on observing certificate issuances. I realize that that’s a lot of extra work and might not seem worthwhile for your situation.

Alternatively, if you proxy ACME certificate requests through a single service that you create, you could have that service keep track of successful issuances and calculate statistics about them.

Hi @cojalvo! Thanks for the question, and sorry it’s taken me a couple of days to get back to you. What others have said here is correct - we don’t currently have a way to query our API for rate limit status. We don’t have immediate plans to implement, but I would be interested to know which limits you are most concerned about hitting. For instance, are you thinking of the overall Orders per Account limit, the Certificates per Domain limit, or the Duplicate Certificate limit?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.