Rate limited but no where near 20 certs in a week


#1

Oh god, probably the millionth time this has been asked, but I thought it was a limit of 20 a week per A record on a domain, but I seem to have been limited to 5. All the certs are single record certs, ie something.hartleyns.com, somethingelse.hartleyns.com

Could one of you kind people let me know why I am being limited with an error of “There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: hartleyns.com: see https://letsencrypt.org/docs/rate-limits/

I have existing certs, but they are well before a week, but in total for this domain, it’s probably 10 in total over the time I have been using the service.

Thanks

a very confused James


#2

~20 certificates in the last 3 days or so.

Looks like some of the same certificates have been issued 2-4x in duplicate. What’s issuing these certificates? Looks like you’re probably running some container-based environment, maybe there has been some malfunction in the orchestration of the certificates.

Maybe you are affected by https://github.com/jetstack/cert-manager/issues/407 ?

20 per week per Registered Domain, which in your case is hartleyns.com.


#3

thanks _az, yeah I was reading through some other posts, and looked at the google transpareny report, seems my traefic server is being a little over zealous in requesting certs! I did not realise it was getting a new one every time. It is in a container but the acme.json is in persistent storage. Hmm, better turn OnDemand to false, issue a wildcard and debug at my leisure! So if they have all been issued in the last few days, when can I expect to be able to issue that one wildcard? they mention sliding scale, but not sure if that means that issuing 1 yesterday means I can issue 1 today, or is a week a week? The 10 on Monday and 10 on Friday doesn’t make any sense, to me anyway!

Thanks

James


#4

Your earliest relevant cert appears to be this one: https://censys.io/certificates/9fb179d4f885ce93f99d1c3ae9d3cb06e9184c52dd10086c7a153e469cf50489

So your next certificate would be issuable at 2018-07-25 20:19:21 UTC (give or take an hour, since Let’s Encrypt fudges the validity period slightly).


#5

Ah! Earliest relevant, that makes more sense now! Not sure why I was looking at the last cert issued. Need more sleep!

Thank you for all your help, I shall wait, issue a wildcard and probably burn the traefik server and it’s auto cert setup and just go with the wildcard, much easier!

James


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.