Strange behavior of Rate Limit


#1

My domain is: dkplan.niras.dk

I ran this command: Request certificate

It produced this output: 429 - “Error creating new cert :: too many certificates already issued for: niras.dk: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CertifyTheWeb 3.0.11

Every time we request a certificate both a Precertificate and a Leaf-certificate is created, and it is as if each count in the rate limits. Is this so? Or why can’t we request more than approx. 10 a week?

Is it possible to get an exemption from the rate limit?

BR
Thomas


#2

The precertificate and the final certificate count only once for rate limits, not twice. There are no rate limits that apply to precertificates and you can safely ignore them.

Have you reviewed the rate limit documentation? It seems to me you are hitting the 20 “Certificates Per Registered Domain” rate limit for niras.dk: https://crt.sh/?q=%.niras.dk


#3

Yes. I did review it. But almost all the requests on the 21st of May is renewalls. It looks as if though they’re treated as new requests?


#4

Per the rate limit documentation:

To make sure you can always renew your certificates when you need to, we have a Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals. An issuance request counts as a renewal if it contains the exact same set of hostnames as a previously issued certificate. This is the same definition used for the Duplicate Certificate limit described above. Renewals are still subject to the Duplicate Certificate limit. Also note: the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.

I hope that helps!


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.