New rate limit meaning

According to the latest rate limit update, the order of new issuances and renewals should not matter.

I assumed that means if I renew a large number of certs I can still issue 20 new ones for the domain within one week.

But it does not seem to work this way. I renewed 40 certs on July 27th and now tried to issue a new one and still get a “get too many certificates already issued” error. I checked all 40 certificates using crt.sh and all had a previous cert with the same set of DNS names.
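The accounting the post above expects, as an added example that is not part of the original post and is not Boulder's or check_le_count's code: a certificate counts as a renewal when its exact DNS-name set appeared on an earlier certificate, and only new name sets count toward the 20-per-week figure. The function names, the `example.com` hosts and the dates are constructed for illustration.

```python
from datetime import datetime, timedelta

NEW_CERT_LIMIT = 20            # figure quoted in the post above
WINDOW = timedelta(days=7)     # "within one week"

def classify(certs):
    """Label each (issued_at, names) pair 'renewal' or 'new'.

    Assumption: a renewal is a cert whose exact DNS-name set appeared on an
    earlier cert in the supplied history (case- and order-insensitive).
    """
    seen, labelled = set(), []
    for issued_at, names in sorted(certs, key=lambda c: c[0]):
        key = frozenset(n.lower().rstrip(".") for n in names)
        labelled.append((issued_at, key, "renewal" if key in seen else "new"))
        seen.add(key)
    return labelled

def counts_in_window(certs, now):
    """Return (new, renewals) issued in the 7 days up to `now`."""
    recent = [kind for t, _, kind in classify(certs) if now - WINDOW < t <= now]
    return recent.count("new"), recent.count("renewal")

def can_issue_new(certs, now):
    """True if another new certificate fits under the limit, renewals exempt."""
    new, _ = counts_in_window(certs, now)
    return new < NEW_CERT_LIMIT

def sample_history():
    """Constructed data: 40 name sets first issued in May, renewed on
    27 July, plus one genuinely new certificate."""
    first, renewed = datetime(2017, 5, 28), datetime(2017, 7, 27)
    certs = []
    for i in range(40):
        names = [f"host{i}.example.com", f"www.host{i}.example.com"]
        certs.append((first, names))
        certs.append((renewed, list(reversed(names))))  # same set, other order
    certs.append((datetime(2017, 7, 29), ["fresh.example.com"]))
    return certs

if __name__ == "__main__":
    now = datetime(2017, 8, 1)
    new, renewals = counts_in_window(sample_history(), now)
    print(f"new={new} renewals={renewals} "
          f"can_issue_new={can_issue_new(sample_history(), now)}")
```

Feeding it the issuance history for a registered domain (for instance, dates and name sets copied from a certificate transparency search) shows whether the renewals are being classified the way the poster assumed.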

Hi @thomasb1,

It’s possible that there’s a bug in the new rate limit logic. Could you share the certificate information for the renewed certificates and the failed new issuance so that we could double-check whether they were processed according to the current rate limit documentation?

If I understood the code correctly this is the issue: https://github.com/letsencrypt/boulder/issues/2922

I wrote a small tool to check the status of all certificate issuances: https://github.com/tbutter/check_le_count

I’ll send you the domain via PM.

Hi @schoen, you can take mooo.com as an example. I want to apply for a new certificate but got a rate limit exceeded error. However, there was only ONE new cert granted in the past 7 days despite tens of renewals.

@mpjanet I filed a bug and an MR for this issue:


And wrote a small tool to check the renew / new counts: https://github.com/tbutter/check_le_count

Thanks! It looks like @jsha is looking into this on GitHub.

I really appreciate people helping to make sure that we get these details right.
