According to the latest latest rate limit update the order of new issuances and renewals should not matter.
I assumed that means if i renew a large number of certs I can still issue 20 new ones for the domain within one week.
But it does not seem to work this way. I renewed 40 certs on July 27th and now tried to issue a new one and still get a “get too many certificates already issued” error. I checked all 40 certificates using crt.sh and all had a previous cert with the same set of dns names.
It’s possible that there’s a bug in the new rate limit logic. Could you share the certificate information for the renewed certificates and the failed new issuance so that we could double-check whether they were processed according to the current rate limit documentation?
If I understood the code correctly this is the issue: https://github.com/letsencrypt/boulder/issues/2922
I wrote a small tool to check the status of all certificate issuances: https://github.com/tbutter/check_le_count
I’ll send you the domain via PM.
Hi @schoen, you can take mooo.com as example. I want to apply a new certificate but got ratelimit exceeded error. However there was only ONE new cert granted in past 7 days despite tens of renewals.
@mpjanet I filled a bug and a MR for this issue:
And wrote a small tool to check the renew / new counts: https://github.com/tbutter/check_le_count
Thanks! It looks like @jsha is looking into this on GitHub.
I really appreciate people helping to make sure that we get these details right.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.