Rate limit on staging server?

I’ve been working on a hook script using nsupdate for use with letsencrypt.sh and dns-01 authorization. I’m using the staging server rather than the production server. At least, I think I am; this is all new to me, but I’ve set “CA=https://acme-staging.api.letsencrypt.org/directory” in config.sh

The problem is that after several unsuccessful runs where the server was unable to authenticate due to problems on my end, I’ve run into a rate limit:

` + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 429)

{“type”:“urn:acme:error:rateLimited”,“detail”:“Error creating new authz :: Too many currently pending authorizations.”,“status”:429}

Am I doing something wrong? All the docs and FAQs I’ve read say to use the staging server during client development to avoid the rate limit problem, which I thought I was doing, so this was a surprise to me. Is there any way to clear the pending authorizations?


This error is new to me (in the sense that it’s the first time I read about it in the forum). However, I’d guess a possible response based on the source code of boulder.

The rate limit check is defined at:

and this is the implementation of the CountPendingAuthorizations method:

It seems that you generated number of authorization requests larger than the allowed limit. The authorization is used to validate the ownership of a specific domain.

You may fix the issue by validating one of the pending authorizations or waiting for the rate-limit window to expire. I have no idea what is the window as this is a configuration that can be loaded via YAML and it doesn’t seem to be in boulder. It may probably be environment specific.

You’re doing the right thing to use staging for your client development. The rate limit will clear up in a few hours. If you want maximum flexibility or are doing a large volume of testing, you may want to check out the Boulder repository and run a local instance of Boulder.