Add a new rate limit, identical in implementation to the current `CertificatesPerFQDNSet` limit, intended to always have both a lower window and a lower threshold. This allows us to block runaway clients quickly, and give their owners the ability to fix and try again quickly (on the order of hours instead of days).

Configure the integration tests to set this new limit at 2 certs per 2 hours. Also increase the existing limit from 5 to 6 certs in 7 days, to allow clients to hit the first limit three times before being fully blocked for the week. Also add a new integration test to verify this behavior.

Note that the new ratelimit must have a window greater than the configured certificate backdate (currently 1 hour) in order to be useful.

Fixes #5210

| File |
|---|
| rate-limits.go |
| rate-limits_test.go |
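
The two-tier limit described in the commit message above, as an added Go simulation that is not the project's own code. The limit names, the 10-minute retry interval, and the rule that each issuance is counted under its backdated timestamp are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

type limit struct {
	name      string
	threshold int
	window    time.Duration
}
const backdate = time.Hour // certificate backdate cited in the commit message
var twoTier = []limit{{"short", 2, 2 * time.Hour}, {"weekly", 6, 7 * 24 * time.Hour}}
var tooShort = []limit{{"short", 2, backdate}} // window equal to the backdate

// blockedBy names the first limit that refuses issuance at now, or "".
func blockedBy(recorded []time.Duration, now time.Duration, limits []limit) string {
	for _, l := range limits {
		n := 0
		for _, ts := range recorded {
			if ts > now-l.window {
				n++
			}
		}
		if n >= l.threshold {
			return l.name
		}
	}
	return ""
}

// simulate retries one FQDN set every step (assumption: counted at issue time minus backdate).
func simulate(limits []limit, step, total time.Duration) (issued int, lastBlock string) {
	var recorded []time.Duration // offsets from a constructed start time
	for t := time.Duration(0); t < total; t += step {
		if b := blockedBy(recorded, t, limits); b != "" {
			lastBlock = b
			continue
		}
		recorded = append(recorded, t-backdate)
		issued++
	}
	return issued, lastBlock
}

func main() {
	fmt.Println(simulate(twoTier, 10*time.Minute, 6*24*time.Hour))
	fmt.Println(simulate(tooShort, 10*time.Minute, 6*time.Hour))
}
```

Under the stated assumption, the runaway client gets three bursts of two certificates and is then held by the weekly limit, while a window equal to the backdate never counts any issuance and so never blocks.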