Limit of certificates issued on IP

I want to know if their is any limit on the certificates issued on a particular IP. As we are an organisation and we are getting the Limit reached error.

The rate limits are explained here:

Most of them are per-account or per-domain. Under normal circumstances, you probably won’t hit any per-IP address limits.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

8 posts were split to a new topic: Duplicate certificate rate limit error in Plesk

@karan Do you need more information? Is idesign-solutions one of your coworkers?

1 Like

Yes, please. As we are an Organisation. we are issuing the certificates on a daily basis. So our limit is getting touched again and again. So we want to increase our limit. How can we do that?
And we are not related with each other in any manner.

Hi @karan

that's the wrong way. Create one certificate, then use it 60 - 85 days, then create the next.

It's not the idea of Letsencrypt every user create certificates daily.

And if every user would do that, then Letsencrypt would need much more ressources.

PS: Increasing limits - when you are a large organisation (like an university) with a lot of domains. Or if you are a large company with more then 300 renews per hour.

Yes we have more than 300 domain. And we do not create many certificates on daily basis but if we want to renew any certificates so how can we renew in a single day ?
I know the maximum time period of any Letsencrypt SSL is around 90 days.

Okay, I’ve moved idesign-solutions’s posts to a new thread.

@karan, which rate limits are you reaching?

With a few hundred certificates on a large number of different domains, you shouldn’t have any problems.

If we want to renew 20-30 certificates in a day, is their any problem with this?

There shouldn’t be. Are you having problems?

That shouldn't be a problem. Rate limited is the creation of new certificates.

The renew may be a problem if there are a lot of errors: Creating a certificate with a lot of domain names, then renewing it, but one domain isn't longer valid, then do that again and again.

Or if there is a configuration problem and the code doesn't stop, instead the code tries it again.

It would be helpful to see the exact error message from Let’s Encrypt, because it should identify which specific rate limit is reached.

This is the Error we are getting. Please have a look.

0|index | [acme-v2] handled(?) rejection as errback:
0|index | Error: Error: Failed HTTP-01 Dry Run.
0|index | curl ‘http://www.pinekart.com/.well-known/acme-challenge/-OO61drKJHjosmiz1Hr2AqdKEVhhATOpv4z2bC9Bi2o’ does not return ‘-OO61drKJHjosmiz1Hr2AqdKEVhhATOpv4z2bC9Bi2o.g_fjE_EeeBy6J1YFqeP4AfWlQ3sMSI3yiMTPRrHkBaQ’
0|index | See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4
0|index | at /var/www/storehippo/app/servers/ssl_certificate/node_modules/acme-v2/node.js:34:13
0|index | at
0|index | at process._tickDomainCallback (internal/process/next_tick.js:228:7)
0|index | { Error: socket hang up
0|index | at TLSSocket.onHangUp (_tls_wrap.js:1135:19)
0|index | at Object.onceWrapper (events.js:313:30)
0|index | at emitNone (events.js:111:20)
0|index | at TLSSocket.emit (events.js:208:7)
0|index | at endReadableNT (_stream_readable.js:1055:12)
0|index | at _combinedTickCallback (internal/process/next_tick.js:138:11)
0|index | at process._tickDomainCallback (internal/process/next_tick.js:218:9)
0|index | code: ‘ECONNRESET’,
0|index | path: null,
0|index | host: ‘localhost’,
0|index | port: 443,
0|index | localAddress: undefined } ‘respppppppp’ undefined
0|index | { Error: ENOENT: no such file or directory, open ‘/root/acme/etc/live/pinekart.com/fullchain.pem
0|index | errno: -2,
0|index | code: ‘ENOENT’,
0|index | syscall: ‘open’

There is no rate limit error.

Looks like a user input is required, there is no or there is the wrong user input 'respppppppp'.

What client is used?

Have you read https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4?

That error is from your ACME client, not Let’s Encrypt.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.