Make rate limits and too many requests of a given type more transparent

please make these both errors more transparent:

  1. I would find it useful, if you add a section to your FAQ (next to “is it really free”)
  2. add a a date to the error message, how long the rate limit affects (e.g. certbot-auto)

and it would be useful, if you tell us, how rate-limits work in generell.
I waited for one week and could only create one new cert and hit rate-limits again.

btw: is there a option to get rid of rate-limits? e.g. donate?

kind regards

What’s wrong with the current documentation?


The only way around them - in the general case - is to apply for and be granted a rate limit exception. These are granted in specific circumstances, e.g. for a university or hosting provider.

What limits are you running into? We could help you figure out a different issuance strategy than would help you. You shouldn't run into the issue of tripping a limit at one certificate a week unless something strange is happening. The limit in the linked article is if you issue five identical certificates per week. Why are you repeating issuance of identical certificates? This limit is usually a sign of a broken renewal mechanic, such as using --force-renewal or --renew-by-default in certbot.


the rate limits are also tied to the equipment use to ensure cryptographic functions (HSMs) and ensuring that one user does not DDoS the system and make it unavailable to everyone else

as said previously - its a good mechanism that you should try to understand rather than “remove”

you may not be used to such mechanism with paid ca’s as they well charge you :smiley:

the error codes are missing
If one runs into this error he googles it. But that did not bring up this page.

And a hint in the FAQ (maybe after: is it really free - yes, but rate limits apply with a link to this page) would be helpful, too

the mechanism is fine. I only voted for transparency and helpful output e.g.on certbot

I had to migrate 40 hostnames by hand using certbot-auto (,,, ...). After a number of hostnames I ran into rate limits. I waited for 1 week and tried again. I was able to create one cert and ran again into rate limits. I had to wait one hour and I was able to generate 2 new certs. Than I had to wait 10 min. and was able to create one again....

The problem for me was, that you seem to calculate rate limits by the last 7 day from now. So I can not create 6 new certs at once after 7 days.

The rate limit is a sliding window. You can issue a certificate as long as you haven’t issued 20 certificates for the same domain in the past 7 days. So if you issue one every hour today, you’ll hit the rate limit after the 20th, then 7 days after you created the first one you can create one more, then an hour later one more, and so on.

(I thought this was explained in the rate limit documentation, but reading it again now, I can’t find it…)

BTW, you could just issue a single certificate for all 40 subdomains (up to 100 in fact) and it would only count as 1 towards the rate limit.

This script is helpful in figuring out when you’ll be able to issue again:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.