V2 API per-hour restriction: canceled orders?


The rate limits page states:

For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours.

Does this rate limit apply to orders that don’t actually yield a certificate? For example, if an order has 3 domains, and one fails authz, then the client deletes the first order and submits a 2nd, does that constitute 2 “hits” against the 300/hr. rate limit, or one?

Thank you!


Yes, this rate limit is unrelated to successful certificate issuance, so that would count as two orders.


I’m not going to “like” that since this rate limit makes shared hosting more complex under v2 :stuck_out_tongue:, but thank you for clarifying.


@schoen’s reply is correct (thank you), but I’m curious about this part of your question. What do you mean by “deletes the first order”?


I was misremembering; in the moment I thought there was something in the protocol for deactivating/deleting orders that’s analogous to deactivating an authz object.


Gotcha! Just wanted to make sure there wasn’t more confusion. There isn’t a way to deactivate an order explicitly but we do use the deactivated status for an order if any of its authorizations are deactivated.


Ahh, that makes a lot of sense. Thank you!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.