Rate limit increase request - switching from kube-lego to cert-manager

My domain is:
4players.me

I ran this command:
I actually updated our cluster from kube-lego to cert-manager 1.0 - and that re-triggered 240 certificates for our customers on this cluster - quickly got to 50 and my CertificateRequests started failing - that's when I realised that there is a rate limit.

As you can imagine - the remaining 190 customers on this cluster are not happy at all since their websites don't work - and waiting 4 weeks to catch this up is not an option.

I have sent the rate limit increase form - but I'm wondering, is there any way of expediting this process or getting in direct communication with the Let's Encrypt team?

2 Likes

While you wait, can you manually issue a cert with multiple customers on it?
Each LE cert can hold 100 SAN entries (four certs would cover the 190 names and their www's).

3 Likes

How exactly did you upgrade? Here's a migration guide.

Theoretically when you upgrade you can reuse an existing ACME account when setting up cert-manager?

That would have caused the certs to renew using your existing account instead of recreating which wouldn't have bumped up against the new domain limit.

FWIW the (before upgrade) existing public keys and certs should still be valid, no? Can you roll back to that data?

4 Likes

Hi! I received your rate limit adjustment request. This will likely go out at the end of the week. I can check with the team to see if we can do it sooner, depending on the availability of the team (but no promises!).

Best,
JP

4 Likes

If you were here - I would kiss you in the forehead :smiley:

Jokes aside - thanks, really appreciate it - even if the team is not available (but holding my fingers that it is, since it would relieve a lot of pressure on support)!

It's awesome to get feedback this fast and direct!

As for other questions:
I have followed the migration guide to the letter, and created an account from the old kube-lego acc, but I had to change the way certificates are stored - every deployment now has its own K8 secret that holds the certificate - that was not the case before with kube-lego - for whatever reason it was pointing to the same "secret" object.

As for generating cumulative certificates - I haven't tried it yet since this is an automated system and manual generation does not seem like an option (could be a temporary one - but since I already reached the limit I can't create any new certificates - even manually).

I tried rolling back the data - but unfortunately it did not work (besides upgrading from kube-lego to cert-manager - I have updated 2 versions of k8 also in the past days - so that could have messed it up since kube-lego is deprecated - but it may also be something else tbh).

3 Likes

Hi jple,

Do you have any info on when the rate limit will be pushed, since I still can't get any more certificates?

kind regards,
iGoogle

3 Likes

Ok, now I'm starting to panic!

I was expecting the update by the end of the week - even relayed that timeframe to customers - but I still hit the limits yesterday and today!

Can you give me any update on the rate limit update for our account?

2 Likes
