Request for one-off reset of rate-limit

Hi there!

https://tools.letsdebug.net/cert-search?m=domain&q=space.trixta.io&d=168

My company (Trixta) accidentally ran afoul of Let's Encrypt rate limits. For our product, we need to create many domains of the form domain-name.space.trixta.io.

Unfortunately, we are not experts in this area. We did not realize that there was a rate limit, or that we could use wildcard certificates.

What we really need is just one wildcard certificate (*.space.trixta.io), which we can't create because we have hit this rate limit.

We apologise to Let's Encrypt; our intention was not to spam anyone, and this was a mistake made in good faith. Rules are rules, and it is not your fault that we broke them.

With that in mind, we would like to humbly request that our rate-limit be reset this one-off time, so that our team can be un-blocked. Else we will be unable to develop properly until next week.

I guess you hit the "Certificates per Registered Domain (50 per week)" limit: Rate Limits - Let's Encrypt

I will quote the important part:

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.

If you’ve hit a rate limit, we don’t have a way to temporarily reset it.

We use a sliding window

So, if I read https://crt.sh/?q=%25.trixta.io correctly, you need to wait only until 2023-10-07 + 7 = 2023-10-14

4 Likes

I missed that bit in the docs.

Thanks anyway!

With regard to wildcard certificates, then: have I understood the concept correctly? My understanding is that once the rate limit expires, we will be able to create one certificate for *.space.trixta.io, and then (provided we configure our nginx reverse proxy and our Route53 correctly) we will be able to create potentially thousands of websites of the form *.space.trixta.io that run on our infrastructure?

1 Like

Yes.

Warning: the certificate *.space.trixta.io is only valid for one level (e.g. anything.space.trixta.io will work but NOT something.anything.space.trixta.io)

2 Likes

and it doesn't cover space.trixta.io itself, but it's trivial to add one in that certificate anyway

3 Likes
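
The coverage rules from the two replies above, as an added example that is not part of the original posts: a check of which hostnames a certificate's name list covers, so gaps show up before a site is put behind the proxy. The function names and the sample hostnames other than those quoted in the thread are constructed for illustration.

```python
# Added example: function names and sample data are assumptions, not from the thread.

def _labels(name):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return name.lower().rstrip(".").split(".")


def wildcard_covers(san, hostname):
    """Return True if one certificate name entry covers hostname.

    Only a whole left-most "*" label is treated as a wildcard, and it
    stands for exactly one label: never zero labels, never two.
    """
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h) or "" in h:
        return False          # different depth, or an empty label
    if s[0] == "*":
        return s[1:] == h[1:]  # everything after the wildcard must match
    return s == h


def uncovered(sans, hostnames):
    """Hostnames that no entry in sans covers, in input order."""
    return [h for h in hostnames
            if not any(wildcard_covers(s, h) for s in sans)]


# Names on the certificate: the wildcard plus the base name added explicitly.
SANS = ["*.space.trixta.io", "space.trixta.io"]

# Constructed sample of hostnames a deployment might want to serve.
SAMPLE_HOSTS = [
    "anything.space.trixta.io",
    "Customer-42.space.trixta.io",
    "space.trixta.io",
    "something.anything.space.trixta.io",
]

if __name__ == "__main__":
    missing = uncovered(SANS, SAMPLE_HOSTS)
    for host in SAMPLE_HOSTS:
        state = "NOT covered" if host in missing else "covered"
        print(f"{host}: {state}")
```
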

Awesome then. That will be all that we need.
Thanks for your help.

Noted, thanks.

3 Likes

If you have good reason for more than 50 certs per week without being able to use a wildcard to overcome the rate limit, you can request a rate limit exemption. See the rate limit documentation page about that.

Note that those exemptions are coupled to an ACME account, so you might want to learn more details about the ACME protocol, the clients working with it and ACME accounts. Especially how to back it up.

8 Likes
