The zombies in question are abandoned or misconfigured Internet servers and ACME clients that have been set to request certificates from Let’s Encrypt. At the scale of Let’s Encrypt, which now covers hundreds of millions of names, scenarios like these have become common, and their impact has become substantial. Self-Service UnpausingA key feature in our zombie issuance pausing mechanism is self-service unpausing. Failed certificate orders fell by about 30% so far, and should continue to fall over time as we fine-tune the rate limit formula and catch more zombie clients. The new rate limit and the self-service unpause system are also ready to deal with circumstances that might produce more zombie clients in the future.