New Order / Old Account #128

Open
GeorgeSchiro opened this issue Mar 22, 2022 · 5 comments

@GeorgeSchiro

GeorgeSchiro commented Mar 22, 2022

Thomas, here's what we've been doing so far with every certificate request:

New-ACMENonce      "C:\AcmeState"
New-ACMEAccountKey "C:\AcmeState"
New-ACMEAccount    "C:\AcmeState" -EmailAddresses "[email protected]" -AcceptTOS -PassThru
New-ACMEOrder      "C:\AcmeState" -Identifiers ("MyDomain.com")

We're now seeing rate limits while ramping up to many domains.

I've reviewed issue #110 and was hoping I could cherry-pick the "AcmeState" folder for the bare minimum required to resolve this issue. We don't want to retain the full ACME state.

Can we place an old "AccountKey.xml" file into the ACME state folder in lieu of running the 1st 3 commands (i.e. those above "New-ACMEOrder")? Or, alternatively, can we run the 1st 3 commands and then overwrite the newly created "AccountKey.xml" file with the old one created during a previous run?

@GeorgeSchiro GeorgeSchiro added the question Further information is requested label Mar 22, 2022
@glatzert
Collaborator

glatzert commented Mar 22, 2022

Hi George,
you can reuse the AccountKey.xml and Account.xml as you like, but I think they must always go in tandem, since the identifier on Let's Encrypt is created from the Account Key.

We do this 'here', to reuse the account with more computers in our domain, since we have a relaxed rate limit for our main domain on that account.

@GeorgeSchiro
Author

Hmm, looking at 4 examples of rate limit failures, none of them contain an "Account.xml" file. Each contains only an "AccountKey.xml" file (plus other apparently non-account specific files). They all failed on "New-ACMEOrder".

The one example we have with another type of failure (i.e. "New-ACMEOrder" proceeded normally) does include an "Account.xml" file. That suggests that only a successful "New-ACMEOrder" results in an "Account.xml" output file. Is that right?

@glatzert
Collaborator

AccountKey.xml is a local resource and will 'always' succeed.
The Account.xml will be created when the account creation with your ACME service has succeeded - it's a 'remote' resource.

@glatzert
Collaborator

BTW: If you use -Verbose, ACME-PS will tell you what it reads and writes.

@GeorgeSchiro
Author

I almost forgot to follow up, Thomas. Using old copies of "Account.xml" and "AccountKey.xml" resolved the issue. No more rate limits. Thanks again!
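
The resolution above, written out as an added example (not part of the thread and not ACME-PS project code): restore "AccountKey.xml" and "Account.xml" as a pair when a saved copy exists, and register a new account only when it does not. The backup folder, the e-mail address and the helper function names are assumptions, as is requesting a fresh nonce on every run; the state folder is assumed to be prepared the same way as for the commands in the first comment.

```powershell
# Added example. $BackupDir, the e-mail address and the helper names are
# hypothetical; only the ACME-PS cmdlets and file names come from the thread.
$ErrorActionPreference = 'Stop'

$StateDir     = "C:\AcmeState"          # state folder used in the thread
$BackupDir    = "C:\AcmeAccountBackup"  # assumed location of the saved account
$AccountFiles = "AccountKey.xml", "Account.xml"

function Test-AccountPair([string]$Dir) {
    # True only when BOTH files exist: the key and the account go in tandem.
    foreach ($f in $AccountFiles) {
        if (-not (Test-Path -LiteralPath (Join-Path $Dir $f) -PathType Leaf)) {
            return $false
        }
    }
    return $true
}

function Copy-AccountPair([string]$From, [string]$To) {
    New-Item -ItemType Directory -Path $To -Force | Out-Null
    foreach ($f in $AccountFiles) {
        Copy-Item -LiteralPath (Join-Path $From $f) -Destination (Join-Path $To $f) -Force
    }
}

# Assumption: a fresh nonce is still requested on every run.
New-ACMENonce $StateDir -Verbose

if (Test-AccountPair $BackupDir) {
    # Reuse the existing account: no new registration with the ACME service.
    Copy-AccountPair $BackupDir $StateDir
}
else {
    # First run: create the local key, then the remote account.
    New-ACMEAccountKey $StateDir
    New-ACMEAccount $StateDir -EmailAddresses "admin@example.com" -AcceptTOS -PassThru
    # Account.xml exists only if the remote account creation succeeded.
    if (-not (Test-AccountPair $StateDir)) {
        throw "Account.xml missing: account creation did not succeed."
    }
    # AccountKey.xml holds the account's private key; restrict access to $BackupDir.
    Copy-AccountPair $StateDir $BackupDir
}

New-ACMEOrder $StateDir -Identifiers ("MyDomain.com") -Verbose
```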
