Problems rate limit


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mail.segmentocorporativo.com

I ran this command: + Signing domains…

It produced this output:

Details:
{
“type”: “urn:acme:error:rateLimited”,
“detail”: “Error creating new authz :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}

My web server is (include version): nginx

The operating system my web server runs on is (include version): Arch Linux

My hosting provider, if applicable, is: ELSERVER.SRL

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hello,
Please see this article:

I suggest that you:

  • Apply for a rate limit exemption from Let’s Encrypt.
  • Submit the domain to the Public Suffix List , which is used by Let’s Encrypt, but also has broader implications for things like HTTP cookies in web browsers. (For example, abc.europa.eu wouldn’t be able to set a *.segmentocorporativo.com cookie and hack xyz.segmentocorporativo.com .)

It seems that you have too many currently pending authorizations.


Tom


#3

Hi @eliseo

What ACME client are you using? Does it have any more detailed logs? Usually hitting the pending authorizations rate limit indicates that there’s a bug or misconfiguration with your ACME client resulting in it creating many authorizations but never attempting to fulfill them.


#4

I appreciate you trying to help @2e0eej but I don’t think this is the correct advice for this situation. The pending authorizations rate limit won’t be affected by changes to the Public Suffix List and a rate limit adjustment for pending authorizations is usually only appropriate for very large hosting providers with a great deal of concurrent certificate issuance.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.