Rate limits and renewal exemption -- order matters

I see that the rate limits are setup with a rewewal exemption now, which is great.

However, the exemption has this caveat:

Also note: the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.

This seems to be an odd setup for a system that intends for clients to automate renewals. Obviously, if my renewals are automated, its pretty darn likely that renewals will run before I try to issue a new cert, which is then more likely to run into the new cert rate limit. In fact, I just ran into this exact issue: a whole bunch of renewals automatically processed without issue (due to the client automation and renewal exemption, awesome), but now I can’t even issue a single new cert even though I’ve only issued two in the last week.

Can the renewal exemption be made independent of the new certificate rate limit?

Ok, I do see this issue here to change this: https://github.com/letsencrypt/boulder/issues/2800. Subscribed!

UPDATE: Rate limits are updated and order no longer matters! Yay!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.