Rate limit increase request - switching from kube-lego to cert-manager

My domain is:
4players.me

I ran this command:
I actually updated our cluster from kube-lego to cert-manager 1.0 - and that re-triggered 240 certificates for our customers on this cluster - quickly got to 50 and my CertificateRequests started failing - thats when I realised that there is a rate limit.

As you can imagine - the remaining 190 customers on this cluster are not happy at all since their websites dont work - and waiting 4 weeks to catch this up is not an option.

I have send the rate limit increase form - but Im wondering is there any way of expediting this process or getting in derect communication with letsencrypt team?

2 Likes

While you wait, can you manually issue a cert with multiple customers on it?
Each LE cert can hold 100 SAN entries (four certs would cover the 190 names and their www's).

3 Likes

How exactly did you upgrade? Here's a migration guide.

Theoretically when you upgrade you can reuse the an existing ACME account when setting up cert-manager?

That would have caused the certs to renew using your existing account instead of recreating which wouldn't have bumped up against the new domain limit.

FWIW the (before upgrade) existing public keys and certs should still be valid, no? Can you roll back to that data?

4 Likes

Hi! I received your rate limit adjustment request. This will likely go out at the end of the week. I can check with the team to see if we can do it sooner, depending on the availability of the team (but no promises!).

Best,
JP

4 Likes

If you were here - I would kiss you in the forehead :smiley:

Jokes aside - thanks, really appreciate it - even if team is not available ( but holding my fingers that it is since it would relief a lot of pressure on support )!

Its awesome to get feedback this fast and direct!

As for other questions:
I have followed the migration guide by the letter, and created an account from old kube-lego acc, but I had to change the way certificates are stored - every deployment now has its own K8 secret that holds the certificate - that was not the case before with kube-lego - for whatever reason it was pointing to same "secret" object.

As for generating cumulative certificates - I haven't tried it yet since this is an automated sistem an manual generation does not seem like an option ( could be a temporary one - but since I already reached the limit I cant create any new certificates - even manually )

I tried rolling back the data - but unfortunately it did not work ( Besides upgrading from kube-lego to cert-manager - I have updated 2 versions of k8 also in the past days - so that could have messed it up since kube-lego is depricated - but also may be something else tbh ).

3 Likes

Hi jple,

Do you have any info on when will the rate limit be pushed since I still cant get any more certificates?

kind regards,
iGoogle

3 Likes

Ok, now Im starting to panic!

I was expecting the update by the end of the week - even relayed that timeframe to customers - but I still hit the limits yesterday and today!

Can you give me any update on the rate limit update for our account?

2 Likes