I ran this command:
certbot -d *.DOMAIN.ludevices.com -d *.DOMAIN2.ludevices.com --preferred-challenges=dns --csr $CSR_FULL_FILENAME, --manual --manual-auth-hook $AUTHENTICATOR_SCRIPT --manual-cleanup-hook $CLEAN_UP_SCRIPT --manual-public-ip-logging-ok --cert-path $signedCertificateFilename.ignore --fullchain-path $signedCertificateFilename certonly
It produced this output:
{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates already issued for "ludevices.com". Retry after 2024-10-01T13:00:00Z: see Rate Limits - Let's Encrypt",
"status": 429
}
The operating system my web server runs on is (include version):
Ubuntu 22
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0
I reviewed the rate limit adjustments on your account and found that in June 2023, we increased your New Orders Per Account limit to 16,000 per week. I believe this is the override you’re referring to. However, the "rateLimited" response you mentioned is actually related to the Certificates Per Domain limit.
In March 2020, we increased your Certificates Per Domain limit to 8,000 per week, but in the past week, your account issued over 8,000 certificates. Based on this, it appears that our rate limits are functioning as expected.
That's actually lower than the current default rate limit of 16 800 new orders per week? (168 hours in a week, divided by 3, times the current 300 new orders per 3 hours = 16 800 new orders/week. Which is more than the 16 000 rate limit.)
I see just over 10,300 certs for that registered domain (in Censys) in the past week. So, I believe that means about 2,300 were renewals and the rest new.
I also see they got some ZeroSSL certs today so they look to be developing a backup plan. Which probably is good idea anyway
Eh,
So in June 2023, the increase was of the wrong thing,... We intended to further increase the 8000 Certificates Per Domain - as we saw we're going to approach this limit - and here we are a year later actually reaching it in a noticeable way :sigh:
Apparently an internal issue caused us to get to the limit without an alert
We'll need to fix our side of the rate-limiting
For now the current limit should be OK, and as mentioned - ZeroSSL indeed seems like a good possibility as well
Thanks!