Rate limits

[Yang Hong]

Hi,

Are there any rate limits on crt.sh? I may need to use it extensively with hundreds of domains. I fount that is a conversation related to this: https://groups.google.com/g/crtsh/c/NZJntKrBdmg. Is it still the same limit (Requests to the crt.sh web service are now being throttled at 60 requests per IP address per minute)?

Thank you!

Yang

[Yang Hong]

And is there any rate limit of crt.sh DB?

[r...@sectigo.com]

Hi Yang.

As part of our efforts to deal with what was effectively an ongoing DDoS attack from one user about 14 months ago, we had to reduce the crt.sh:443 rate limits still further.  The current per-IP address rate limit is 5 requests per minute.

For crt.sh:5432, there is currently a per-IP address limit of 5 concurrent connections.

Both crt.sh:443 and crt.sh:5432 are heavily (ab)used, with the available resources being frequently overloaded, unfortunately.  This is why responses are often slow, and (for crt.sh:443) HTTP 502s are common.  It's conceivable that we may decide to lower the rate limits even further.