I am about to start using Lets Encrypt but I have found a policy problem. Unless the rate limit document is mentioning something wrong.
I have seen that people are getting “Forbidden” error if there are too many pending validations on their domain. Now what if a hacker tries to create Lets Encrypt account and performs 100s of DNS validations so that when I try to request DNS validation, will I always get Forbidden error as hacker is abusing validation limits?
Are failed validation limits only applicable in scope of individual account? Or it is applicable to enter domain name?
So if too many validation error occurs for one account, can I create new account and do validations? If not, someone else can purposely harm us by requesting multiple validations.