V2 API per-hour restriction: canceled orders?


#1

The rate limits page states:

For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours.

Does this rate limit apply to orders that don’t actually yield a certificate? For example, if an order has 3 domains, and one fails authz, then the client deletes the first order and submits a 2nd, does that constitute 2 “hits” against the 300/hr. rate limit, or one?

Thank you!


#2

Yes, this rate limit is unrelated to successful certificate issuance, so that would count as two orders.


#3

I’m not going to “like” that since this rate limit makes shared hosting more complex under v2 :stuck_out_tongue:, but thank you for clarifying.


#4

@schoen’s reply is correct (thank you), but I’m curious about this part of your question. What do you mean by “deletes the first order”?


#5

I was misremembering; in the moment I thought there was something in the protocol for deactivating/deleting orders that’s analogous to deactivating an authz object.


#6

Gotcha! Just wanted to make sure there wasn’t more confusion. There isn’t a way to deactivate an order explicitly but we do use the deactivated status for an order if any of its authorizations are deactivated.


#7

Ahh, that makes a lot of sense. Thank you!


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.