# See cmd/shell.go for definitions of these rate limits.
certificatesPerName:
  window: 2160h
  threshold: 2
  overrides:
    ratelimit.me: 1
    lim.it: 0
    # Hostnames used by the letsencrypt client integration test.
    le.wtf: 10000
    le1.wtf: 10000
    le2.wtf: 10000
    le3.wtf: 10000
    nginx.wtf: 10000
    good-caa-reserved.com: 10000
    bad-caa-reserved.com: 10000
    ecdsa.le.wtf: 10000
    must-staple.le.wtf: 10000
  registrationOverrides:
    101: 1000
registrationsPerIP:
  window: 168h # 1 week
  threshold: 10000
  overrides:
    127.0.0.1: 1000000
registrationsPerIPRange:
  window: 168h # 1 week
  threshold: 99999
  overrides:
    127.0.0.1: 1000000
pendingAuthorizationsPerAccount:
  window: 168h # 1 week, should match pending authorization lifetime.
  threshold: 150
invalidAuthorizationsPerAccount:
  window: 5m
  threshold: 3
newOrdersPerAccount:
  window: 3h
  threshold: 1500
certificatesPerFQDNSet:
  window: 168h
  threshold: 6
  overrides:
    le.wtf: 10000
    le1.wtf: 10000
    le2.wtf: 10000
    le3.wtf: 10000
    le.wtf,le1.wtf: 10000
    good-caa-reserved.com: 10000
    nginx.wtf: 10000
    ecdsa.le.wtf: 10000
    must-staple.le.wtf: 10000
certificatesPerFQDNSetFast:
  window: 3h
  threshold: 2
  overrides:
    le.wtf: 100