Rate Limits
CASTLE Platform® ACME Email Server provides rate limits to ensure a fair usage and reach many users as possible.
Note: if you are testing or developing a client, please use the staging environment, as it provides a higher rate limits.
When making the order, you can pack multiple email addresses into a single order. This may not be strictly related with the email addresses that will be present in the Certificate Signing Request (CSR) that will be uploaded when finished all challenges, despite it is recommended. Despite a single certificate may hold multiple email addresses, each email address shall be validated. For example, if you are aiming at placing 3 email addresses into the same certificate, each of three email addresses shall pass its own challenge separately.
These limits are rarely reached. If you reach a limit, your agent is probably buggy.
The rates are calculated in a time-window manner. This means that if you reach a limit, you must wait until the time-window passes the event that triggered the limit. For instance, if you create 5 accounts in a time-span lower than 1 hour (at T1, T2, T3, T4 and T5), you must wait until T1+3600 seconds before creating a new account. After T1+3600 you can create a new account but not a second one. In such case, you must wait until T2+3600 and so on and so forth. In other words, if you reach a limit, you must not wait until the end of limit since the moment you reached the limit.
The following rates are applied:
- Max names per certificates (
[email protected]
,[email protected]
…): 10
Each certificate can hold up to 10 email addresses in it. This is useful for packing multiple aliases into the same certificate. For instance, imagine that you or your company has different email domains ([email protected]
and [email protected]
). Usually, email clients only allow to configure a single certificate for each account, even though it may hold multiple aliases.
- Max certificates per name per week: 50
This is the maximum number of certificates that can be issued to a single email address. Note that this limit applies to a single email address. For example, if an email address is placed in two different certificates (the first cert contains [email protected]
and [email protected]
and the second contains [email protected]
and [email protected]
), [email protected]
will count twice.
- Max validations per name per account per hour: 5
This is the maximum of pending validations that can be hold per hour for a single email address. This is equivalent to the number of pending challenges that can be requested per hour.
- Max new accounts per IP per 3 hours: 10
When you set up your client, you can use a single account to manage all email addresses, or you can create an account for each email addresses. This is the maximum number of accounts that you are allowed to create every 3 hours.
- Max new accounts per IP range per 3 hours: 500
This limit is the same as before, but applied to an IP range instead of a single IP. This is particular important if you are over IPv6.
- Max pending authorizations per account: 300
This is the total number of pending authorizations that can be present in an account. This is a global limit and it is not time-related. If you reach this limit, you have to deactivate unused authorizations before continue. If you reach this limit, you will not be allowed to place new orders. To deactivate a particular authorization, a {status: deactivated}
must be sent to ACME server to the desired authorization.
- Max new orders per account per 3 hours: 300
This is the maximum number of new orders that can be placed every 3 hours per account. If your reach this limit you have two options: 1) deactivate unused orders or 2) wait for 3 hours later the first order that triggered the limit.