Poll_authorizations limits

Hi, I am building a Python script with the acme library and want to integrate pre-validation of the domain before the SSL certificate is actually going to be signed.

I use the poll_authorizations method from the ACME library. Can I use this freely or do I have to take care of limits like when signing an SSL certificate? I think there are some limits like 50 requests per week per domain or something like that.

Thanks,
Zdenek

LE doesn't really do preauth, so there is not much information about it: if you do some hackery and make a dummy order as preauth, you'd have 300 new orders per 3 hours (rolling window).

1 Like

Yeah, the order is what I am a bit worried about, sorry for not specifying it in the original post.
order = self.client.new_order(csr.encode())

So if that is 300 per 3 hours (I guess for a domain, not a client) then we should be fine.

Thank you for your answer,
Zdenek

You should review Integration Guide - Let's Encrypt
It is helpful for any ACME Client author, especially if this is a service/product

All the Rate Limits are: Rate Limits - Let's Encrypt

You might consider using the Let's Encrypt Staging server for just your authorization testing. Much more relaxed rate limits and not consuming LE production resources. Although, I'm not sure why you wouldn't just issue a cert if the auths succeed and report the failure if not.

Another good topic to read from the /docs/ selection is the one for Profiles.

3 Likes

Out of interest, what scenario are you trying to achieve by using pre-authorization?

4 Likes

To prevent starting the overall flow with CSR creation etc. when it is obvious that domain validation is not going to be passed. But it looks like even when only using poll_authorizations I need to have an "order" created beforehand, which means the CSR needs to be created anyway. So I am a bit stuck and maybe will not implement any prevalidation at all.

Are you working with domains you don't control (e.g. customer domains) or are you working with your own domains?

Are you using http domain validation or DNS validation?

To be clear, the ACME protocol does not require a CSR until finalization. It looks like the library you are using requires the CSR to be provided up-front in order to create a new order, but other libraries do not have that restriction.

4 Likes
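The point in the reply above, that the CSR first appears at finalization, shown as an added example (not code from this thread or from the acme library): an offline model of the RFC 8555 message bodies and order states. The function names and the sample domains and CSR bytes are constructed for illustration.

```python
import base64

# Authorization states that can never become "valid" (RFC 8555 section 7.1.6).
FAILED = {"invalid", "expired", "revoked", "deactivated"}

def new_order_payload(domains):
    """Body of the newOrder request: identifiers only, no CSR."""
    seen, identifiers = set(), []
    for name in domains:
        name = name.strip().lower().rstrip(".")
        if name and name not in seen:  # drop blanks and duplicates
            seen.add(name)
            identifiers.append({"type": "dns", "value": name})
    if not identifiers:
        raise ValueError("at least one identifier is required")
    return {"identifiers": identifiers}

def order_status(authz_statuses):
    """Order state implied by its authorizations, before any finalize call."""
    if not authz_statuses:
        raise ValueError("an order always has at least one authorization")
    if any(s in FAILED for s in authz_statuses):
        return "invalid"
    if all(s == "valid" for s in authz_statuses):
        return "ready"
    return "pending"

def finalize_payload(status, csr_der):
    """Body of the finalize request: the first message that carries the CSR."""
    if status != "ready":
        raise RuntimeError(f"order is {status!r}; finalize is only allowed when 'ready'")
    csr_b64 = base64.urlsafe_b64encode(csr_der).rstrip(b"=").decode("ascii")
    return {"csr": csr_b64}

if __name__ == "__main__":
    # Constructed sample input; nothing here contacts a CA.
    print(new_order_payload(["Example.org", "www.example.org", "example.org."]))
    for statuses in (["valid", "pending"], ["valid", "invalid"], ["valid", "valid"]):
        state = order_status(statuses)
        print(statuses, "->", state)
        if state == "ready":
            # Placeholder bytes standing in for a DER-encoded CSR.
            print(finalize_payload(state, b"\x30\x82"))
```

An order whose authorizations fail ends up "invalid" without a CSR ever having been sent; a client library that asks for the CSR up front is typically reading the identifiers out of it.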

I use the acme library in Python

A combination. I wanted to have it a bit more user-friendly and save resources when it's clear domain validation would fail