Renewal of revoked certificates is blocked

We have about 150 domains hosted on our server on one single IP and are using Traefik with Let's Encrypt (see below for some domain examples).

After revocation of the certificates we cleared the certificates in Traefik to renew them (recommended method on the Traefik website: https://traefik.io/blog/how-to-force-update-lets-encrypt-certificates/).

However, only a few certificates were renewed and I have this message in the logs:

time="2022-02-02T11:35:37Z" level=error msg="Unable to obtain ACME certificate for domains \"www.mathieu-peintures.com\" : unable to generate a certificate for the domains [www.mathieu-peintures.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" providerName=cnameresolver.acme
time="2022-02-02T11:35:37Z" level=error msg="Unable to obtain ACME certificate for domains \"bopplandtechnik.jd-partner.de\" : unable to generate a certificate for the domains [bopplandtechnik.jd-partner.de]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" providerName=cnameresolver.acme
time="2022-02-02T11:35:37Z" level=error msg="Unable to obtain ACME certificate for domains \"fischer.jd-partner.de\" : unable to generate a certificate for the domains [fischer.jd-partner.de]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" providerName=cnameresolver.acme
time="2022-02-02T11:35:37Z" level=error msg="Unable to obtain ACME certificate for domains \"www.proverts33.com\" : unable to generate a certificate for the domains [www.proverts33.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" providerName=cnameresolver.acme
time="2022-02-02T11:35:37Z" level=error msg="Unable to obtain ACME certificate for domains \"agrifusa.concesionario-jd.es\" : unable to generate a certificate for the domains [agrifusa.concesionario-jd.es]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" providerName=cnameresolver.acme

We are getting the same error for over 24h now and I do not see what rate limit we are hitting, and we are getting only 10 or 20 certificates within two days out of 150 requests.

All the domain names point to 51.178.69.218

Also I really would appreciate it if you could temporarily remove rate limits for our IP so that we can renew the certificates without changing providers.

1 Like

It's in the error message:

too many new orders recently

That means you're requesting new orders at a rate of more than 300 or, if the temporary rate limit increase is still in effect, more than 1000 per 3 hours.

This is not a limit which can be changed on an IP based level, so there's nothing to remove.

4 Likes

Well, I do not think this is the case here: why would only 10 domain names out of 150 renew if the limit is set to 300 or 1000 for 3h? We restarted the process and always get the same error.

There must be other limits that are hit when using the procedure described on Traefik's website (for example, it asks for 150 or 300 certificates in one single second, as all log entries have the same timestamp)?

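To check the observation in the last post that the failed orders all carry the same timestamp, the following added example (not part of the thread, and not Traefik or Let's Encrypt code) parses Traefik ACME error lines and counts failed orders per second and per ACME error type. The sample lines are constructed with placeholder domains, and the space-separated list inside `[...]` is an assumption about the log format.

```python
import re
from collections import Counter, defaultdict

# logfmt field: key=value or key="quoted value with \" escapes"
FIELD = re.compile(r'(\w+)=("(?:\\.|[^"\\])*"|\S+)')
# ACME error text as it appears in the msg field of the log lines in the thread
ACME = re.compile(r'acme: error: (\d{3}) :: (\w+) :: (\S+) :: urn:ietf:params:acme:error:(\w+)')
DOMAINS = re.compile(r'for the domains \[([^\]]*)\]')

def parse_line(line):
    """Return time/domains/status/url/error for an ACME error line, else None."""
    fields = {}
    for key, val in FIELD.findall(line):
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1].replace('\\"', '"')  # unquote and unescape
        fields[key] = val
    msg = fields.get("msg", "")
    acme, doms = ACME.search(msg), DOMAINS.search(msg)
    if not acme or not doms:
        return None  # not an ACME order failure (info lines, other errors)
    return {"time": fields.get("time"),
            "domains": doms.group(1).split(),  # assumption: space-separated list
            "status": int(acme.group(1)), "url": acme.group(3), "error": acme.group(4)}

def burst_report(lines):
    """Count ACME errors per (timestamp, error type) and collect the failing domains."""
    per_second, failing = Counter(), defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev:
            per_second[(ev["time"], ev["error"])] += 1
            failing[ev["error"]].update(ev["domains"])
    return per_second, {k: sorted(v) for k, v in failing.items()}

# Constructed sample input (placeholder domains), shaped like the log lines in the thread.
_T = ('time="{ts}" level=error msg="Unable to obtain ACME certificate for domains \\"{d}\\" : '
      'unable to generate a certificate for the domains [{d}]: acme: error: 429 :: POST :: '
      'https://acme-v02.api.letsencrypt.org/acme/new-order :: '
      'urn:ietf:params:acme:error:rateLimited :: Error creating new order :: '
      'too many new orders recently: see https://letsencrypt.org/docs/rate-limits/" '
      'providerName=cnameresolver.acme')
SAMPLE = [_T.format(ts="2022-02-02T11:35:37Z", d=d)
          for d in ("a.example.com", "b.example.com", "c.example.com")]
SAMPLE.append(_T.format(ts="2022-02-02T11:40:02Z", d="a.example.com"))
SAMPLE.append('time="2022-02-02T11:40:03Z" level=info msg="Configuration loaded"')

if __name__ == "__main__":
    bursts, failing = burst_report(SAMPLE)
    for (ts, err), n in sorted(bursts.items()):
        print(f"{ts} {err}: {n} failed order(s)")
    for err, doms in failing.items():
        print(f"{err}: {len(doms)} distinct domain(s) seen failing: {doms}")
```

Run against the real Traefik log, a single timestamp with a count close to the number of hosted domains shows that every order was submitted in the same second, and repeated bursts after each restart show how many new-order requests were actually sent in total.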