Throttle the rate of renewal requests (ACME v2 rate limit)

The ACME v2 API has a new rate limit of 300 new orders per account per 3 hours, which easily results in the "too many new orders recently" error for new or renewing domains. (see #213)

As a first step to mitigate this new requirement, throttle the rate with which renewal requests are issued to a default 60 per hour (which leaves 40 for on-demand issues per hour).

Author: gohai

README.md

@@ -183,6 +183,11 @@ How frequently (in seconds) all of the domains should be checked for certificate
 auto_ssl:set("renew_check_interval", 172800)
 ```
 
+### `renewals_per_hour`
+*Default:* `60`
+
+How many renewal requests to issue per hour at most. The ACME v2 protocol limits each account to 300 new orders per 3 hours. This setting will throttle the renewal job so that a sufficient margin remains available for new domains at all times. You might consider lowering this setting when the same Let's Encrypt account credentials are shared across multiple servers (in a load-balanced environment).
+
 ### `storage_adapter`
 *Default:* `resty.auto-ssl.storage_adapters.file`<br>
 *Options:* `resty.auto-ssl.storage_adapters.file`, `resty.auto-ssl.storage_adapters.redis`

lib/resty/auto-ssl.lua

@@ -44,6 +44,10 @@ function _M.new(options)
     options["renew_check_interval"] = 86400 -- 1 day
   end
 
+  if not options["renewals_per_hour"] then
+    options["renewals_per_hour"] = 60
+  end
+
   if not options["hook_server_port"] then
     options["hook_server_port"] = 8999
   end

lib/resty/auto-ssl/jobs/renewal.lua

@@ -5,6 +5,8 @@ local shuffle_table = require "resty.auto-ssl.utils.shuffle_table"
 local ssl_provider = require "resty.auto-ssl.ssl_providers.lets_encrypt"
 
 local _M = {}
+local min_renewal_seconds
+local last_renewal
 
 -- Based on lua-rest-upstream-healthcheck's lock:
 -- https://github.com/openresty/lua-resty-upstream-healthcheck/blob/v0.03/lib/resty/upstream/healthcheck.lua#L423-L440
@@ -184,6 +186,18 @@ local function renew_check_cert(auto_ssl_instance, storage, domain)
   end
 
   renew_check_cert_unlock(domain, storage, local_lock, distributed_lock_value)
+
+  -- Throttle renewal requests based on renewals_per_hour setting.
+  if last_renewal and ngx.now() - last_renewal < min_renewal_seconds then
+    local to_sleep = min_renewal_seconds - (ngx.now() - last_renewal)
+    ngx.log(ngx.NOTICE, "auto-ssl: pausing renewal job for " .. to_sleep .. " seconds")
+    ngx.sleep(to_sleep)
+  end
+  if last_renewal then
+    last_renewal = last_renewal + min_renewal_seconds
+  else
+    last_renewal = ngx.now()
+  end
 end
 
 local function renew_all_domains(auto_ssl_instance)
@@ -199,6 +213,10 @@ local function renew_all_domains(auto_ssl_instance)
     -- renewal attempts).
     shuffle_table(domains)
 
+    -- Set up renewal request throttling.
+    min_renewal_seconds = 3600 / auto_ssl_instance:get("renewals_per_hour")
+    last_renewal = ngx.now()
+
     for _, domain in ipairs(domains) do
       renew_check_cert(auto_ssl_instance, storage, domain)
     end

spec/config/nginx.conf.etlua

@@ -33,6 +33,7 @@ http {
       allow_domain = function(domain)
         return true
       end,
+      renewals_per_hour = 3600,
     }
     <%- auto_ssl_pre_new or "" %>
     auto_ssl = (require "resty.auto-ssl").new(options)