Rate Limit for mail.blaschko.org


#1

Please could you remove rate limit for this domain I have run this to many times testing and didn’t know about the limit.

My domain is: mail.blaschko.org

I ran this command: certbot-auto certonly --manual --preferred-challenges=dns --email lukas@blaschko.org --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d mail.blaschko.org

Thank you


#2

Hi @kheeper

there are five identical certificates created.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:mail.blaschko.org&lu=cert_search

You use --certonly, so where are these certificates?

The limit is fixed.

You can add an additional domain name. But then you have to validate two domain names.


#3

To tell you the truth I have tried to get the DNS TXT and I didn’t get the command right so I was creating it and deleting it all the time until I got message about the limit. I’m sorry next time I will be smarter and thank you.


#4

I’m sorry but I still got this message:

/opt/certbot/certbot-auto certonly --manual --preferred-challenges=dns --email lukas@blaschko.org --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d mail.blaschko.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: mail.blaschko.org: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.


#5

You may have misunderstood; when @JuergenAuer said “The limit is fixed” - he meant that it is a fixed limit, not that it has been changed for you.

The limit you ran into applies to an exact set of domains, so you can still request a certificate for a different set of domains - for example by adding a second subdomain to your request along with mail.blaschko.org and the certificate will be valid for both (the second subdomain has to actually exist and point at your server, of course) just remembered you’re using DNS validation, so that won’t be an issue.

Or you can wait it out and try again after 7 days.

If you need to do more testing, you can use the staging server which has its own separate and higher rate limits.