Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:ondemand.com
I ran this command: Configuring GCP managed certificates in Global HTTP(S) Loadbalancer
It produced this output:429 (rate limit exceeded)
My web server is (include version): I don’t Know what GCP is using
The operating system my web server runs on is (include version): I don’t Know what GCP is using
My hosting provider, if applicable, is: SAP’s domain (ondemand.com) on GCP for IaaS
I can login to a root shell on my machine (yes or no, or I don’t know):I don’t Know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):I don’t Know
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):I don’t Know
We are working to enable Google Cloud Platform as part of our infrastructure.
To leverage the GCP’s managed certificates option, as we were testing, we observed that the LB configuration with managed certificate request was getting failed and started working after few days. We were told by GCP’s support team that it is due to the Let’s Encrypt (rate limit - 50 cert requests per week) as we see in public documentation too.
As we checked with other teams within SAP, they are using a special account of Let’s Encrypt which has this limit extended over a period of time(atleast thousands of certificates every week) for the same registered domain that we are trying to sign. (ondemand.com)
GCP cert team has confirmed that they can’t help here as the limit could be increased only by either Let’s Encrypt team or from the SAP side and they are only relaying. Our doubt is, if one team can sign 1000+ certificates for the same registered domain then how could it be that the issue is on SAP domain side? Not sure . Could you please guide us to check how we can gather more precise details on what’s the rate limit for the account that GCP is using and for our domain in particular. We can open a support ticket to GCP and involve GCP’s cert team if more technical details are required.
Knowing this limit and understanding better helps us to estimate the potential delays in configuring LBs. If you have a different channel to support us, please direct us.