Rate Limit Clarification (acme/new-cert)

Hey there!

As a very brief introduction, we're an organization in the position of requesting SSL certificates for other organizations. We're running a custom ACME client which we've used to successfully provision a couple dozen certificates so far. I'll venture to say we have a basic understanding of the ACME protocol and Let's Encrypt's published rate limits (Rate Limits - Let's Encrypt).

However, we've hit a "Certificates per Registered Domain" rate limit in our attempts to obtain a certificate for the go.linuxfoundation.org domain:

Error creating new cert :: too many certificates already issued for: linuxfoundation.org

This is confusing because a search on crt.sh (https://crt.sh/?q=linuxfoundation.org) reveals that there have been 5 certificates issued by Let's Encrypt for the linuxfoundation.org domain in the past week. Including our request, this should be well under the 20/week limit published in the rate limit documentation.

Can anyone provide any insight or clarify any misunderstanding on our part here?

Hi @pd-aray,

There are more than 5 certficates... keep in mind that your search is not covering certificates issued for subdomains.

Use this to search for subdomains: https://crt.sh/?q=%.linuxfoundation.org

Cheers,
sahsanu

Thanks so much for pointing that out @sahsanu, that’s exactly what I was missing!

And if you remove the dot after the %, you’ll get everything: the base domain ánd all subdomains…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.