Problem: Not enough information when reaching acmetool ratelimit. #13

Open
mamedin opened this issue Jul 3, 2018 · 1 comment

mamedin commented Jul 3, 2018

This is not a real role issue, but some information can be added to the README.md file to manage the acmetool ratelimit issue.

mamedin commented Jul 3, 2018

Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible:

https://letsencrypt.org/docs/rate-limits/

I have found problems with new certificate requests for the sfu.ca domain. The main limit, Certificates per Registered Domain (20 per week), was reached.

I investigated this issue and found the lectl tool very useful. This tool shows the exact time when you can request a new certificate:

```
./lectl -seul -m2000 sfu.ca
lectl 0.15 (2018-April-16)

2018/July/03 12:56:09 - Checking all certs for sfu.ca

I have found 1084 certificates (827 final certs and 257 pre certs) (max number of certs searched: 2000) for domain sfu.ca and its subdomains *.sfu.ca

CRT ID     CERT TYPE   DOMAIN (CN)                       VALID FROM             VALID TO               EXPIRES IN  SANs
572369489  Pre cert    labhazindex-dev.its.sfu.ca        2018-Jul-03 08:42 UTC  2018-Oct-01 08:42 UTC  89 days     labhazindex-dev.its.sfu.ca
...
...
...
12567287   Final cert  sentinel.iat.sfu.ca               2016-Feb-04 03:32 CET   2016-May-04 04:32 CEST  -790 days
12182674   Final cert  poeme.iat.sfu.ca                  2016-Jan-22 19:59 CET   2016-Apr-21 20:59 CEST  -802 days

Sorry, you can't issue any certificate, you already issued 20 certificates on last 7 days
You could issue next certificate on Thursday 2018-Jul-05 09:25:00 CEST

Note 1: Keep in mind that if sfu.ca is included in PSL (Public Suffix List) the rate limit could only be applied to your subdomain instead of your domain.
Note 2: Right now Let's Encrypt is implementing a new feature so if you renew the exact cert (with the same FQDNs) the rate limit could not apply to your domain if you try to renew it.
```

I think we can add a brief review of this tool to the README file; this way we can avoid blind tests when installing a new certificate.

@mamedin mamedin self-assigned this Jul 3, 2018
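
Added example, not part of the original issue and not lectl's own code: a sliding-window model of the "20 certificates in the last 7 days" check from the output above, computing when the next issuance slot opens. It assumes issuance time is approximated by each certificate's VALID FROM value and that a pre cert and its final cert share a serial; the function names and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LIMIT = 20                   # Certificates per Registered Domain (from the issue)
WINDOW = timedelta(days=7)   # "20 per week", modelled here as a sliding window


def next_issuance_time(records, now, limit=LIMIT, window=WINDOW):
    """Return (used, earliest) under a sliding-window certificate limit.

    records: (serial, valid_from) pairs, e.g. parsed from a CT log search.
    used: distinct issuances inside the window that ends at `now`.
    earliest: `now` if a slot is free, otherwise the moment enough old
    issuances have aged out of the window.
    """
    # Assumption: a pre cert and its final cert carry the same serial, so
    # both log entries count as one issuance (earliest timestamp kept).
    first_seen = {}
    for serial, valid_from in records:
        if serial not in first_seen or valid_from < first_seen[serial]:
            first_seen[serial] = valid_from
    recent = sorted(t for t in first_seen.values() if now - window < t <= now)
    used = len(recent)
    if used < limit:
        return used, now
    # used - limit + 1 issuances must expire before the count drops below limit.
    blocker = recent[used - limit]
    return used, blocker + window


def constructed_sample():
    """Constructed data, not real sfu.ca records: 20 issuances, 5 h apart."""
    now = datetime(2018, 7, 3, 12, 0, tzinfo=timezone.utc)
    base = datetime(2018, 6, 28, 7, 25, tzinfo=timezone.utc)
    certs = [(f"serial-{i:02d}", base + timedelta(hours=5 * i)) for i in range(20)]
    return certs + certs, now   # each issuance logged as pre cert + final cert


if __name__ == "__main__":
    records, now = constructed_sample()
    used, when = next_issuance_time(records, now)
    print(f"{used}/{LIMIT} issued in the last 7 days")
    print("next certificate can be requested at", when.isoformat())
```

Running the check before a deployment that requests a new certificate avoids spending a failed order on a domain that is already at its limit.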