Request to unblock rate limit


#1

Hello!
Since 29 of January I’ve been getting errors like(but unfortunately I noticed it only yesterday when I got alert about expiring certificates) :
'Failed to verify ACME account: 403 urn:ietf:params:acme:error:rateLimited:
Your IP, 88.99.28.90, has been blocked due to ridiculously excessive traffic.
Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org

Could you please help to understand what is wrong?
Before this error logs are missing. :frowning:


#2

Do you run Kubernetes with cert-manager?

Before version 0.6.x 0.5.1, there was some undesirable behavior which resulted in many IPs being blocked - https://github.com/jetstack/cert-manager/issues/407

Staff will see this thread and unblock you, but you might first check that you’re running an upgraded version of cert-manager.


#3

Hi @joyjey.

Yup! I can help process the unblock but first I need to know more about your setup. What ACME client were you using? What version? Were you able to identify the cause of the excessive traffic and get it fixed?

Perhaps you could try replicating your setup with the staging environment and carefully monitoring it to ensure that the level of API traffic produced appears reasonable.


#4

I guess that is the error:
Warning ErrVerifyACMEAccount 36s cert-manager-controller Failed to verify ACME account: Head : unsupported protocol scheme “”
Warning ErrInitIssuer 36s cert-manager-controller Error initializing issuer: Head : unsupported protocol scheme “”
Warning ErrInitIssuer 32s (x12 over 36s) cert-manager-controller Error initializing issuer: Head : unsupported protocol scheme “”
Warning ErrVerifyACMEAccount 32s (x13 over 36s) cert-manager-controller Failed to verify ACME account: Head : unsupported protocol scheme “”

cert-manager version : 0.4.1


#5

That definitely needs an upgrade!


#6

Agreed! @joyjey can you please update this thread when you’ve updated your cert-manager installation to v0.6.x? I can begin unblocking your IP after that.

0.6.2 is the newest at the time of writing. The 0.6.0 release specifically addressed “Improved handling of ACME rate limits” and will likely solve the problem that caused your IP to be banned for sending excessive API traffic originally.


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.