Rate limit or certificate limit?


#7

Èvery web hosting provider does so…


#8

yeah shared hosting/web hosts with control panels like plesk, directadmin, cpanel and interworx


#9

so essentially if each server runs his own panel it can also run its own LE client then at the very least the per IP and (assuming there is) account limit can be circumvented partially.


#10

I’m afraid you haven’t understood my question correctly.
Imagine one shared hosting server with let’s say 1.000 domains (assigned to 500 customers). This one server has one IP. We use one ACME registration to request 500 certificates (all with two SANs: with and without “www.” subdomain).
So I’m interested if we might reach any limit here. We don’t hit the “registrations per IP limit” (as we have only one registration) and we don’t hit the “domains per certificate” limit (every cert has only two domains).


#11

I wasnt sure so I said that if it wasnt done the way you are doing it already then you could do it that way.

but we really need someonne from LE on this because that info is something they have…


#12

You will hit the “300 registrations per account per week” limit if under one account if the server gets more then 300 pending registrations in a week. I would like this limit removed for this reason Remove 300 registrations limit


#13

Is this limit about 300 registrations or 300 pending registrations?
If pending, then this shouldn’t be no problem for our users (as long as we don’t request >300 certs within 5 minutes ;)).


#14

300 registrations (no matter the outcome)


#15

Well, the official docs say something different:

Pending Authorizations/Account limits how many times an ACME client can request a domain name be authorized without actually fulfilling on the request itself. This is most commonly encountered when developing ACME clients, and this limit is set to 300 per account week. Please utilize our staging environment if you’re developing an ACME client.

There is no limit to the number of certificates that can be issued to different domains.


#16

This is a little ambiguous “how many times an ACME client can request a domain name be authorized without actually fulfilling on the request itself”. I just tested by fulfilling one of my pending verification requests and I still couldn’t do any more registrations. So right now it means any pending requests whether it is fulfilled or not.


#17

Either way don’t you think this limit is unnecessary?


#18

If pending is defined as;

Then I think it’s a perfectly sensible limit. As I read it, if a client keeps requesting a single domain name be authorized, more than 300 times a week … for the same domain. Yes I’d put in the rate limit. I can’t think of any logical reason why someone would want to ask for the same domain name more than 300 times ( unless they were testing, or should be testing, in which case it should be done on the test / staging environment)


#19

It’s clearly defined what pending is. It’s a little ambiguous, because it doesn’t say if invalid attempts count, too.

How did you do that? Did you save all the tokens and challenge URIs?


#20

Yeah I saved all of them. Did 300 requests previously to see if the limit was still there and kept all the tokens & url’s


#21

Did you just answer the challenge or did you actually solve it resolving it to valid?


#22

I resolved it and got a 201 for /acme/new-cert


#23

How many times can my company https:// site is accessed per week using LE?

I am trying to understand if the 20 per week limit refers to 20 visitors logging into my https:// portal or not?


#24

Nothing to do with the number of visitors - that’s complete unlimited ( from a certificate point of view)

The limit is purely for obtaining new certificates from Let’s Encrypt.


#25

please increase the limit Of This Domain www.msoft4tech.ml and msoft4tech.ml


#26

What’s the issue you are having ?