Been renewing my RSA certificates with LE for 8 years, and since EC became an option, twice in a row, one for RSA, another for EC certs. For my renewal this time I was greet with the "Too many requests of a given type :: Service busy; retry later" message, after I requested the very first certificate in over 80 days of my 90-day window for renewal.
I understand limits are in place for certificate requests in the production environment, but locking to just one request at a time seems a little excessive IMHO. And clearly because they are not identical to each other; one is RSA, another is EC, I don't see that as a duplicate.
Was I just luck and got my renewal done during rush hour (8:15AM EST)? Or is there a minimum time I should wait in between requests?
To me, "Service busy; retry later" sounds like some kind of internal issue. I'm not sure why it wouldn't be markes as such, but instead is marked as a "too many requests of a given type" error as this easily can be mistaken as an error associated with the ACME client itself instead of the server.
You probably can try again any time.
yes you were hit by rush hour I guess
too many requests of a given type part is prepended by certbot for ratelimited type error, actual errer message sent by LE would be
"detail": "Service busy; retry later."
Hm, might be a good idea for Certbot to distinguish between actual rate limits and overloads more clearly.
Wish I would also hit the jackpot that easy
I manually triggered my certificate updates during any random time I feel like I can check my systems to ensure new certs were successfully applied (using these for way more than just HTTPS and one server).
While in the "might be a good idea for Certbot", what if we had a certbot flag for one request to both RSA and EC certificates?
What were their timestamps [and time zone]?
2023-10-24 8:12:35AM EST for the first successful request of EC certificates,
2023-10-24 8:13:57AM EST for the failed attempt of RSA certificates.
Unfortunately our traffic can be very bursty, if too many requests come in at the same time. Those bursts rarely last more than a few seconds, so a retry will usually succeed.
There's two "scheduled" bursts every day, at midnight UTC, when a lot of people run scheduled tasks, and at 16:10 UTC when a particular piece of software is preconfigured to renew.
For transparency, here's a graph of when we served those over the last week, with the time you hit circled in red:
This is a small fraction of our traffic, so you do have to be a bit unlucky to hit these bursts. It's typically under 5%-10% of traffic for just a few seconds.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.