I use TLS on demand with a lot of domains, and my Caddy reaches the Let's Encrypt limit of 300 certs per 3 hr very quickly.
But I can increase this limit 10 times by using 10 different emails to issue certs.
So I wrote a simple Python script and put it in cron to run every minute, to change the email in the Caddy config:
# Update both issuers
for issuer in config["apps"]["tls"]["automation"]["policies"][0]["issuers"]:
    issuer["email"] = new_email
# Push the modified config back through the Caddy admin API
response = requests.post(f"{CADDY_API_URL}/load", json=config)
if response.status_code == 200:
    print(f"Successfully set new email: {new_email}")
else:
    print(f"Failed to set new email: {response.status_code}")
When I ran a test, it worked perfectly.
But a few days later I started to transfer domains to the server; I looked in the log and saw that the email changing was freezing.
The API starts returning error 400 when the script tries to change the email.
After a Caddy reboot, the email changing starts working again.
It happens the same way on both of my Caddy servers (they work as a round-robin cluster with 2 A records).
Is this a known issue?
My best solution now is to understand how often this freezing happens and set up a Caddy auto-restart.
Have you asked Let’s Encrypt if your approach is acceptable to them? I haven’t heard of someone doing this, and there’s reasons Caddy doesn’t do this automatically…
That said, it sounds like your deployment could benefit from a sponsorship (Business tier or higher, I would recommend), so that we can get to know your needs and infrastructure and figure out an actual solution.
Yeah… I’ve debated whether this is what they want you to do, or whether it’s a limit to prevent you from doing this (at scale, either accidentally or intentionally). I actually asked a while ago, and the answer was encouraging at first, but also still a little ambiguous for me when they said:
Registering multiple accounts, all of which represent the same entity, so that you can get higher issuance rates than would be allowed for a single account, is definitely “working around” rate limits.
At first they say going up to the rate limit and then backing off is good, then they say that intentionally doing this is “working around” them, which is not good (I guess?) – so I dunno.