cdn-route service uses Let's Encrypt to provision and renew TLS certificates for custom user domains. Prior to this incident, all Let's Encrypt authorization requests were made under the same Let's Encrypt account, which caused us to reach the rate limit on pending authorizations as usage of the service increased. When attempting to provision new
cdn-route instances after this limit was reached, users saw the
Error creating new authz :: too many currently pending authorizations error message.
To fix this issue, we updated the
cdn-route service to use a separate Let's Encrypt account for each instance, so that requesting a new certificate authorization for one user never impacts another user.