[solved] Cert limit reached?

godfool · November 11, 2015, 12:54am

I am hitting the cert limit but only (successfully) generated 3 certs. Any idea what’s going on? Do failed attempts count?

jsha · November 11, 2015, 2:30am

We have a limit on the overall number of certs issued that was set too low (10k). We bumped it up, things should be fixed now.

godfool · November 11, 2015, 3:27am

That fixed it, thanks!

My1 · November 11, 2015, 8:22am

oops that hurts

sioban · November 11, 2015, 9:17am

I have only 7 certs running, does revocation/reemiting certs count ?
I’ve done some tests with subaltnames but I didn’t like it and decided to issue a cert for each subdomains I own.

Sadly it stopped delivering certs right before my main cert was issued.
So I miss one important one.

Any chance to have at least one more issued (counting I have only 7, not 10).

jsha · November 11, 2015, 5:02pm

You should be fine for three more based on the current rate limits. The rate limit window expires after 59 days, so when it comes time to renew the certs you will have more limit available.

Revocation does not count towards the rate limit. The reasoning is this: Our overall issuance capacity is limited mainly by our capacity to sign OCSP responses in a timely manner. Because we are required to continue signing OCSP responses for revoked certificate until they expire, revocation does not increase the available number of certificates.

eva2000 · November 11, 2015, 5:42pm

would that play into factors for the reason for 90 day expiry ? just curious

My1 · November 11, 2015, 6:03pm

well crl and OCSP certainly have less burden if you have shorter times. but well when you make the ratelimit over a year and not over 90 days then the problem gets solves as well because when the limit is already hit and everyone renews then there wont be any difference whether it happens each year or every 90 days, and CRL doesnt count since LE doesnt do CRLs.

sioban · November 14, 2015, 4:07pm

As I say, I cannot create anymore cert even if the limit is not reached.
Maybe I’ve done something wrong (like creating a multiple name certificate I didn’t want).
Anyway I would have at least 2 other certificates that I can’t create…

sioban · November 14, 2015, 4:09pm

I know I can wait, but my actual cert is expired and it’s my main cert (using it for webmail) and I cannot create it with letsencrypt.
I do not want to pay for it on my actual provider…

sioban · December 1, 2015, 7:44pm

problem solved.
cert limit removed ?

eva2000 · December 1, 2015, 9:51pm

wait another 24-48hrs i think for public beta to open up

zakjan · December 2, 2015, 7:23pm

@eva2000 Are you sure the rate limits in Public Beta will change?

eva2000 · December 2, 2015, 7:38pm

maybe ask @bmw @schoen @jsha ?

rugk · December 5, 2015, 7:30pm

So does LE wants to say any rate limit for the public beta? As I assume it has changed when the public beta was launched.

jhass · December 5, 2015, 8:01pm

No, it didn’t change.

jsha · December 5, 2015, 8:22pm

Current issuances per domain limit is 5 issuances / 7 days. Details are kept up-to-date on the pinng Beta Announcements thread.

Th3Z0ne · December 5, 2015, 9:48pm

Oh… that explains my problems. Was testing, how and why folder permissions affected the client from failing to obtain certs and renewed a view times… now its clear why I cant get the certs now that I fixed that problem…

see you in 7 days than XD