SSL Provisioning is temporarily disabled: too many recent CertOrder creation

Exact error message: SSL Provisioning is temporarily disabled because too many recent CertOrder creation with the site

Recently (around 2 weeks ago I think), I had tried adding branch deploys to my site. While trying to make it work, I attempted to renew my TLS certificate to include new subdomains, without success. I then read that this is only possible when using Netlify’s DNS, and as I am using an external DNS zone, I stopped and reverted back to having custom domains only for the production branch.
During that time, I was also fiddling with my DNS zone, and broke it for some time, which I believe is the reason I couldn’t renew my certificate afterwards, even without trying to include subdomains for branch deploys.
Right now my DNS zone seems to be working as intended. It is hosted in Cloudflare, and Cloudflare proxying is disabled (“DNS only” mode, as they call it).
However, even with the DNS zone fixed up, and no subdomain for branch deploys in my settings, renewing the certificate doesn’t work and stays on the same too many recent CertOrder creation error.

I am unsure whether this is due to Let’s Encrypt’s limit being in effect for a long time, or if I am missing something. What are the steps to fix this, or to have more information about what is going wrong?

Hi @laurent.treguier

Welcome to the community!

Based on what you wrote, it does sound like you’ve triggered Let’s Encrypt’s rate limiting. Take a look at this article that talks about the different scenarios that could cause this and how long you’ll need to wait in order to resolve it.

I hope that helps!

Hi @elden, I gather from this article that rate limits apply within sliding windows, up to a week long.
It has been more than a week since the message first appeared, and I only tried renewing it manually a couple times since then.

I tried something just now however: I removed 2 of the 3 custom domain names, and renewal for just the remaining domain name was successful. So either my situation is now unblocked, or the other domains have some DNS misconfiguration (they seemed to point to the Netlify site correctly, but I’m no DNS guru).

I’ll try to add the 2 secondary domains later, and come back with my findings.

Hello again; it seems that removing and re-adding my domains did the trick!
For some reason, renewing the certificate started working again after that, even if the renewal was for the exact same domains as when it was not working. Strange, but easy to work around!