[solved] Cert limit reached?


#1

I am hitting the cert limit but only (successfully) generated 3 certs. Any idea what’s going on? Do failed attempts count?


#2

We have a limit on the overall number of certs issued that was set too low (10k). We bumped it up, things should be fixed now.


#3

That fixed it, thanks!


#4

oops that hurts :smile:


#5

I have only 7 certs running, does revocation/reemiting certs count ?
I’ve done some tests with subaltnames but I didn’t like it and decided to issue a cert for each subdomains I own.

Sadly it stopped delivering certs right before my main cert was issued.
So I miss one important one.

Any chance to have at least one more issued (counting I have only 7, not 10).


#6

You should be fine for three more based on the current rate limits. The rate limit window expires after 59 days, so when it comes time to renew the certs you will have more limit available.

Revocation does not count towards the rate limit. The reasoning is this: Our overall issuance capacity is limited mainly by our capacity to sign OCSP responses in a timely manner. Because we are required to continue signing OCSP responses for revoked certificate until they expire, revocation does not increase the available number of certificates.


#7

would that play into factors for the reason for 90 day expiry ? just curious :slight_smile:


#8

well crl and OCSP certainly have less burden if you have shorter times. but well when you make the ratelimit over a year and not over 90 days then the problem gets solves as well because when the limit is already hit and everyone renews then there wont be any difference whether it happens each year or every 90 days, and CRL doesnt count since LE doesnt do CRLs.


#9

As I say, I cannot create anymore cert :frowning: even if the limit is not reached.
Maybe I’ve done something wrong (like creating a multiple name certificate I didn’t want).
Anyway I would have at least 2 other certificates that I can’t create…


#10

I know I can wait, but my actual cert is expired and it’s my main cert (using it for webmail) and I cannot create it with letsencrypt.
I do not want to pay for it on my actual provider…


#11

problem solved.
cert limit removed ?


#12

wait another 24-48hrs i think for public beta to open up :slight_smile:


#13

@eva2000 Are you sure the rate limits in Public Beta will change?


#14

maybe ask @bmw @schoen @jsha ? :slight_smile:


#15

So does LE wants to say any rate limit for the public beta? As I assume it has changed when the public beta was launched.


#16

No, it didn’t change.


#17

Current issuances per domain limit is 5 issuances / 7 days. Details are kept up-to-date on the pinng Beta Announcements thread.


#18

Oh… that explains my problems. Was testing, how and why folder permissions affected the client from failing to obtain certs and renewed a view times… now its clear why I cant get the certs now that I fixed that problem…

see you in 7 days than XD