@jsha, how does this work in ACMEv2? Is there a possibility of hitting a new order rate limit due to a buggy client while only successfully issuing a very small number of certs?
@JuergenAuer for the 4 active certificates for CN=grafana.internal.aks-dev.lifen.fr, it is caused by manual destruction of the previous obtained certificates because recreating the whole k8s cluster without backup. (This should not happened normally)
@schoen about donating to be able to get a higher rate limit, is it something possible or is it out of scope ?
You are welcome to donate to this worthy cause, but rate limit increases (including for >300 orders per 3 hours) are granted to anybody with a legitimate need. You can find the application link near the bottom of Rate Limits - Let's Encrypt .
One thing to note is that CT logs do not report on the number of orders, because orders do not necessarily result in a certificate being issued. You should try and figure out why your environment is generating so many ACME v2 orders.
If this is the cause for the spike in orders, then those orders should be spread out over time, and that is probably not a legitimate reason for a rate limit exemption.