Rate limits hard coded in Caddy

I just received a new rate limit from Let’s Encrypt and I tested it and found that I am still limited.
After taking a look at the logs, I discovered that I am limited by Caddy and not by Let’s Encrypt.
After searching the forum, I found this:

These two variables enforce the limit:
RateLimitEvents
RateLimitEventsWindow

So there are two issues here:

  1. People who receive a new rate limit will still be limited by Caddy.
  2. The last time Let’s Encrypt needed to revoke millions of certificates in a short time, they increased the rate limit for all users from 300 new orders to 1000. This means that next time it happens, Caddy users will still be limited and will not understand why.

I recommend keeping the variables in place but providing an option to control them from the Caddyfile.

This internal rate limit (it’s more like a throttle, really) allows 600 events per hour, still higher than LE’s rate limits during mass revocation events. (Note that theirs is 300 per 3 hours normally.)

Are you finding that this rate limit is still too low for your requirements? That would be a first, even for deployments with hundreds of thousands of sites.

It blocked me after 200 certificates. So maybe there is an issue with that. Anyway, it doesn’t solve the custom rate limit issue.

Can you post the logs? I’d like to understand what happened better.

What issue though? Is this one too low?
