Let’s Encrypt rate limits

Discussion in 'Tips/Tricks/Mods' started by Alex Mamatuik, Feb 6, 2026 at 1:53 PM.

Tags:
  1. Alex Mamatuik

    Alex Mamatuik Member

    It would be nice to have an add-on for the ISP Config admin. panel to see real certificate issuance rate limits for domains, in case they are reached.

    While configuring the reverse proxy, i discovered, that the SSL part had stopped interacting with the Let's Encrypt.

    It turned out, that the domain was being blocked with the following error:
    Before that moment, i had never known, Let's Encrypt enforces issuance limits.
    Even ISPConfig tries to issue, but Let’s Encrypt refuses until that retry time. That’s why SSL vhost never gets created for domain at a moment: there is no new cert to install.

    Also, simply enabling "SSL" itself does not automatically create an HTTPS virtual host.
    Code:
    grep -iR --line-number "letsencrypt\|acme\|micino\.site\|unauthorized\|invalid" /usr/local/ispconfig/server/log /var/log/ispconfig 2>/dev/null | tail -n 20
    /var/log/ispconfig/cron.log:75:Thu Feb 5 09:30:04 UTC 2026 "type": "urn:ietf:params:acme:error:rateLimited", /var/log/ispconfig/cron.log:76:Thu Feb 5 09:30:04 UTC 2026 "detail": "too many certificates (5) already issued for this exact set of identifiers in the last 168h0m0s, retry after 2026-02-06 14:56:06 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-identifiers", /var/log/ispconfig/cron.log:79:Thu Feb 5 09:30:04 UTC 2026 [Thu Feb 5 09:30:04 UTC 2026] Please check log file for more details: /var/log/ispconfig/acme.log

    To check this from the terminal, we can add an alias to ~/.bashrc at the bottom of the file, after all exports / aliases / completions.:
    Code:
    # ---- ISPConfig / Let's Encrypt helpers ----
acme-rate() {
  local lines=${1:-20}

  awk '
    /domain='\''/ { d=$0; gsub(/.*domain='\''|'\''.*/,"",d) }
    /_main_domain='\''/ { d=$0; gsub(/.*_main_domain='\''|'\''.*/,"",d) }
    /"type": "urn:ietf:params:acme:error:rateLimited"/ { print "RATE_LIMIT domain=" d }
    /retry after/ { print "  " $0 }
  ' /var/log/ispconfig/acme.log | sed '/domain=$/d' | tail -n "$lines"
}
    After editing .bashrc, reload:
    source ~/.bashrc

    Usage:
    In my opinion, binding this information to a specific section in the Websites area of ISP Config would make a useful add-on.
     
    Alex Mamatuik, Feb 6, 2026 at 1:53 PM
    #1

Share This Page