Add specific error message text to rate limit docs (#994)

letsencrypt · Mar 28, 2020 · e8bbde6 · e8bbde6
1 parent 672a9ba
commit e8bbde6
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/content/en/docs/rate-limits.md b/content/en/docs/rate-limits.md
@@ -3,7 +3,7 @@ title: Rate Limits
 slug: rate-limits
 top_graphic: 1
 date: 2018-01-04
-lastmod: 2020-02-24
+lastmod: 2020-03-05
 ---
 
 {{< lastmod >}}
@@ -26,7 +26,9 @@ from your domain name registrar. For instance, in the name `www.example.com`,
 the registered domain is `example.com`. In `new.blog.example.co.uk`,
 the registered domain is `example.co.uk`. We use the
 [Public Suffix List](https://publicsuffix.org) to calculate the registered
-domain.
+domain. Exceeding the Certificates Per Registered Domain limit is reported with the
+error message `too many certificates already issued`, possibly with additional
+details.
 
 If you have a lot of subdomains, you may want to combine them into a single
 certificate, up to a limit of 100 <a id="names-per-certificate"></a>**Names per Certificate**. Combined with the
@@ -41,6 +43,8 @@ Registered Domain** limit, but they are subject to a **Duplicate Certificate**
 limit of 5 per week. Note: renewals used to count against your Certificate per
 Registered Domain limit until March 2019, [but they don't
 anymore](https://community.letsencrypt.org/t/rate-limits-fixing-certs-per-name-rate-limit-order-of-operations-gotcha/88189).
+Exceeding the Duplicate Certificate limit is reported with the error message
+`too many certificates already issued for exact set of domains`.
 
 A certificate is considered a renewal (or a duplicate) of an earlier certificate if it contains
 the exact same set of hostnames, ignoring capitalization and ordering of
@@ -59,7 +63,8 @@ issue those certificates have already been consumed.
 There is a <a id="failed-validations"></a>**Failed Validation** limit of 5 failures
 per account, per hostname, per hour. This limit is higher on our
 [staging environment](/docs/staging-environment), so you
-can use that environment to debug connectivity problems.
+can use that environment to debug connectivity problems. Exceeding the Failed
+Validations limit is reported with the error message `too many failed authorizations recently`.
 
 The "new-reg", "new-authz", and "new-cert" endpoints on the v1 API and the "new-nonce", "new-account", "new-order", and "revoke-cert" endpoints on the v2 API have an <a
 id="overall-requests"></a>**Overall
@@ -72,15 +77,19 @@ You can create a maximum of 10 <a id="accounts-per-ip-address"></a>**Accounts pe
 create a maximum of 500 **Accounts per IP Range** within an IPv6 /48 per
 3 hours. Hitting either account rate limit is very rare, and we recommend that
 large integrators prefer a design [using one account for many customers](/docs/integration-guide).
+Exceeding these limits is reported with the error message `too many registrations for this IP`
+or `too many registrations for this IP range`.
 
 You can have a maximum of 300 <a id="pending-authorizations"></a>**Pending Authorizations** on your account. Hitting
 this rate limit is rare, and happens most often when developing ACME clients. It
 usually means that your client is creating authorizations and not fulfilling them.
 Please utilize our [staging environment](/docs/staging-environment) if you’re
-developing an ACME client.
+developing an ACME client. Exceeding the Pending Authorizations limit is
+reported with the error message `too many currently pending authorizations`.
 
 For users of the ACME v2 API you can create a maximum of 300 <a
-id="new-orders"></a>**New Orders** per account per 3 hours. A new order is created each time you request a certificate from the Boulder CA, meaning that one new order is produced in each certificate request.
+id="new-orders"></a>**New Orders** per account per 3 hours. A new order is created each time you request a certificate from the Boulder CA, meaning that one new order is produced in each certificate request. Exceeding the New Orders
+limit is reported with the error message `too many new orders recently`.
 
 # <a id="overrides"></a>Overrides
 
@@ -107,7 +116,7 @@ registered domain, you most likely do not need an increase. See our [Integration
 # <a id="clearing-pending"></a>Clearing Pending Authorizations
 
 If you have a large number of pending authorization objects and are getting a
-rate limiting error, you can trigger a validation attempt for those
+Pending Authorizations rate limiting error, you can trigger a validation attempt for those
 authorization objects by submitting a JWS-signed POST to one of its challenges, as
 described in the
 [ACME spec](https://tools.ietf.org/html/rfc8555#section-7.5.1).