AutoSSL Rate Limiting on cPanel Servers
As part of a recent update, cPanel has changed their provider for SSL certificates issued through AutoSSL. Previously they used Sectigo for automatically-issued certs, with Let's Encrypt available as an alternative for users through a cPanel plugin. Let's Encrypt has now replaced Sectigo, and will be the default provider for AutoSSL going forward.
If you're a Domain of One's Own or cPanel Managed Hosting admin, it's possible that you'll see rate limit errors.
Let's Encrypt has rate limits on how many certs it can issue at once, so if your server has a large number of domains/subdomains associated with it (including if end users have made lots of subdomains), AutoSSL may run into that limit while trying to issue new certs. This is happening because, due to the provider change, AutoSSL is trying to issue new certs for every domain on the server all at once.
Unfortunately, because cPanel sets the SSL provider and LE sets the rate limits, the situation is currently out of Reclaim's hands. However, in order to try and decrease the impact, cPanel has set up cron jobs in order to run Let's Encrypt on smaller batches of domains a couple of times a day.
This lets servers space things out and avoid hitting the rate limit, and prevents the problem from recurring in the future. Because AutoSSL will automatically renew certificates in the order they were issued/order they expire, expirations & renewals will also be staggered as a result.
There aren't any steps you need to take directly for the time being, but until LE can issue certificates to all domains on a site, you may see sites without a SSL cert.
End users also don't need to do anything at this time. That said, Reclaim will be removing the Let's Encrypt cPanel plugin in order to prevent confusion among end users, since it no longer serves as an alternative to the AutoSSL Sectigo certificates and any users that try to issue certs through it will contribute to the rate limiting problem.