Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version):
windows-2022
My hosting provider, if applicable, is:
azure
I can login to a root shell on my machine (yes or no, or I don't know):
I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Hi all,
We seem to be hitting our rate limit more often than usual over the last week (We never had this happened until last week). Nothing has changed on our end; commands, parameters, number of certs generated etc. Would anyone be able to provide any insights on this issue?
Something has changed--you've issued five identical certs within the past week, and you're now trying to get another one. Use one of the existing certs. If they're gone, figure out what in your system is requesting, and then discarding, these certs.
I am a little puzzled by the error. Do you already have a rate limit exemption from Let's Encrypt? Your organization would have had to request it so you would know if you did.
You are getting a very large number of certs with the domain you gave. The error message is similar to the one for more than 50 certs per week for a single registered domain name. But, you got way more than that with that domain. And, that isn't a registered domain name which is also puzzling (nor is it on the Publix Suffix List).
Are you a service provider? Or are all these names used in your own organization? Any more info will help us understand.
The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. ... We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued , possibly with additional details.
There are so many certs with that domain some of our normal tools timeout trying to list them. But here are just 5 subdomains you got a Let's Encrypt cert for just today (Apr25). I see about 20 similarly named certs from today and others for prior days. Could this new pattern of names be involved in this new error?
No, we're getting no exemption ourselves, we're just applying a Lets Encrypt cert to an Azure Application Gateway. We didn't know about how the rate limit was tied to the public suffix list when we started this as we saw this approach listed in a few places on the internet.
But in the last week we've seen the error complaining about hitting the rate limit on 'cloudapp.azure.com', so we maybe assumed LetsEncrypt handled Azure and other cloud service providers maybe differently and that could have changed recently. We only moved to ukwest region this week after hitting the rate limit issue in westeurope.
Basically we spin up preview environments for our application with each change and have be utilizing this approach for 2 years now.