Rate limited but no where near 20 certs in a week

Oh god, probably the millionth time this has been asked, but I thought it was a limit of 20 a week per A record on a domain, but I seem to have been limited to 5. All the certs are single record certs, ie something.hartleyns.com, somethingelse.hartleyns.com

Could one of you kind people let me know why I am being limited with an error of “There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: hartleyns.com: see https://letsencrypt.org/docs/rate-limits/

I have existing certs, but they are well before a week, but in total for this domain, it’s probably 10 in total over the time I have been using the service.

Thanks

a very confused James

~20 certificates in the last 3 days or so.

Looks like some of the same certificates have been issued 2-4x in duplicate. What's issuing these certificates? Looks like you're probably running some container-based environment, maybe there has been some malfunction in the orchestration of the certificates.

Maybe you are affected by cert-manager and/or kube-lego hit Let's Encrypt too aggressively · Issue #407 · cert-manager/cert-manager · GitHub ?

20 per week per Registered Domain, which in your case is hartleyns.com.

1 Like

thanks _az, yeah I was reading through some other posts, and looked at the google transpareny report, seems my traefic server is being a little over zealous in requesting certs! I did not realise it was getting a new one every time. It is in a container but the acme.json is in persistent storage. Hmm, better turn OnDemand to false, issue a wildcard and debug at my leisure! So if they have all been issued in the last few days, when can I expect to be able to issue that one wildcard? they mention sliding scale, but not sure if that means that issuing 1 yesterday means I can issue 1 today, or is a week a week? The 10 on Monday and 10 on Friday doesn’t make any sense, to me anyway!

Thanks

James

Your earliest relevant cert appears to be this one: https://censys.io/certificates/9fb179d4f885ce93f99d1c3ae9d3cb06e9184c52dd10086c7a153e469cf50489

So your next certificate would be issuable at 2018-07-25 20:19:21 UTC (give or take an hour, since Let's Encrypt fudges the validity period slightly).

Ah! Earliest relevant, that makes more sense now! Not sure why I was looking at the last cert issued. Need more sleep!

Thank you for all your help, I shall wait, issue a wildcard and probably burn the traefik server and it’s auto cert setup and just go with the wildcard, much easier!

James

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.