Rate limit not available as documented?


#1

Hello,

in staging system i could register fine all domains as I wanted.
But in production I got same procedure denied for 6th certificate so it seems that the 20 registrations/domain+week didn’t work correctly and the “old” limits are still up?

I got message:
Sign failed: "detail":"Error creating new cert :: too many certificates already issued for: <domain>"

Bests

Reiner


#2

Could you tell us your domain? Maybe there are 14 other certificates from earlier this week.


#3

Hello,

thanks for quick reply.
And sorry, checked for your question also acme.sh config folder of my staging system:
The Le_API URL in the config file shows that on my last test run before putting it onto production
server I somehow accidentally requested/issued already 12 certs on production LE.

Additional the first 6 requests - all with same host names - came through on final server.
=> I try to “refurbish” the already issued certs to productive server and check next week if I can reuse or re-issue them.


#4

If the set of hostnames is exactly the same in all the certificates, you’re running into the “duplicate cert rate limit” of 5 per week.


#5

We have compiled all limits we could find into one document at: https://keychest.net/content/letsencrypt_numbers_to_know

5 per week is the “renewal limit”


#6

Hi,

yes thanks. I only couldn’t close this thread ^^
I have read the limits on https://letsencrypt.org/docs/rate-limits/ so I was in first response thinking that there is still old value active.

As already answered I had accidentally created production certificates on staging server first.
From LetsEncrypt error message it was no renewal problem but “new issue” limit hit.

And I could already created on Wednesday the new certicate for my domain.
Perhaps someone else using also this domain for local office usage with DNS hostname so I am not aware of.this when counting requested certificates.

Thanks and Bests.


#7

One nice tool to check on the status of the certificates per registered domain rate limit with respect to a specific domain is

Edit: although I guess that’s not the particular limit you were dealing with. @sahsanu, is there any chance of also supporting the duplicate certificate limit in lectl?


#8

I cannot promise you anything but will take a look :wink:


#9

All well and good, such a limit compilation, but the official site calls this the “Duplicate Certificate limit”: https://letsencrypt.org/docs/rate-limits/


#10

thanks! and yes, indeed it does. my err.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.