The new Failed Validation limit of 5 failures per account, per hostname, per hour


I would like to get more information about the new “Failed Validation limit of 5 failures per account, per hostname, per hour”.

Here is my concern:

  1. Lets suppose the MyCompany Inc. starts to issue certificates on user’s behalf using the domain and the account
  2. 5 different users come and want to issue certificates for 5 different domains -, etc. and all these requests fail.

Does that mean our account ( and our host ( will be blocked for one hour?
I hope not and I expect that in the above scenario the combination of and, and, etc. will be blocked if more than 5 failed requests are send for these hostnames from this account?

Have I understood that correctly?


Pretty much. You can have multiple accounts with the same email address -- the failed validation rate limit would only apply to the guilty account, not all of them.

And, to be clear, if is rate-limited, that doesn't affect different hostnames under the same domain, like or or even

1 Like

And this will block it for only one hour, correct?

Yep! 1 hour from the first failed validation.*

  • Give or take? I don’t think it’s rounded.
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.