Symptoms
When running AutoSSL, you receive an error similar to either of the following.
0:00:00 AM WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: Reason)) You may contact Let’s Encrypt to request a change to this rate limit.
WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/123456789) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for "domain.tld". Retry after 2024-04-01T19:00:00Z: see https://letsencrypt.org/docs/rate-limit
Description
Let's Encrypt has many reasons to rate limit a user. For new certificate requests, that is, domains that are not currently issued a Let's Encrypt SSL, the following limits apply:
- Up to 50 certificates can be issued per registered domain every 7 days. In www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk.
- Up to 5 certificates can be issued per exact same set of hostnames every 7 days. If you request a certificate for example.com and login.example.com, the “exact set of hostnames” is:
[example.com, login.example.com]
- Up to 5 authorization failures per hostname can be incurred by one account every hour. An authorization is generated for each hostname included in an order. Before a certificate can be issued, all authorizations in the order must be successfully validated.
These rate limits apply to new certificates specifically. The limits are not applied if a Let's Encrypt SSL already protects your domain. The rate limits provided above are an excerpt of the full documentation provided by Let's Encrypt. Please take a look at the full document linked below for more details.
Workaround
Review an AutoSSL log before the logs where the rate limit was hit to determine the reason for the DCV failure and resolve that issue. You may need to wait some time for the rate limits to expire before attempting to renew the certificate.
Comments
0 comments
Article is closed for comments.