I agree with rg305 that a detailed message could be helpful, but I also agree with Osiris that its implementation could be convoluted. I feel like this would need to be implemented in Boulder to cover all ACME clients (and it would be easier since Boulder already has ready access to the requisite information as evidenced by the existing five-duplicate-certificates-per-week rate-limit).
But does the ACME protocol even have a warning mechanism? As far as I know, it only has failures as a way to notify a user?
I don't believe it would be substantial at all. Applying the existing base of information already used by 5-per-week to 2-per-hour should be rather trivial.
I'm not talking about the warning. I'm talking about the limit, which just uses the existing mechanisms.
By the way, even with this hourly limit, it's pretty easy to burn through 5 certs in a week. Just go for lunch, come back later, issue a new cert, have dinner, grab another cert. Et cetera.
Perhaps we firstly need some statistics of the rate limit users here on this Community and see how fast they went through their certs. I'd hate to see a new limit added which would only "catch" 10% of the intended user base.
A new rate-limit. That's the confusion.
I don't think a warning message will be as effective per the reasons I already stated here:
The check is already being done - or how else would it be blocked?
So most of the coding is already in place.
I believe the discussion in this thread has run its course. I will note this feature request to the Let's Encrypt team. For now, I'm going to lock the thread.