ct-tools seems to trip over AIA chasing via crt.sh if input is more than >25-50 certifices

[jochemvdberge]

Although I know that the AIA chasing via crt.sh was meant as a stopgap measure (I read the comments in the code) I do rely on it for submitting previously unknown certs to CT logs when I don't have the complete chain included. When submitting larger number of certificates the chain building fails and as such incomplete certificates are offered to CT logs with predictable results. Maybe it could be a rate limit bij crt.sh per IP-address?

[jochemvdberge]

Manage to work around it with a bash script... but the issue of AIA chasing is still a valid one I think? ;-)