diff --git a/roles/sys-svc-certs/tasks/flavors/_san.yml b/roles/sys-svc-certs/tasks/flavors/_san.yml
index 30261752..4d2e1821 100644
--- a/roles/sys-svc-certs/tasks/flavors/_san.yml
+++ b/roles/sys-svc-certs/tasks/flavors/_san.yml
@@ -1,4 +1,4 @@
-# Necessary to have this seperat file to pass performance tests
+# Necessary to have this separate file to pass performance tests
 - name: Install certbundle
   include_role:
     name: pkgmgr-install
@@ -20,7 +20,12 @@
         {% endif %}
         {{ '--mode-test' if MODE_TEST | bool else '' }}
   register: certbundle_result
-  changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
+  changed_when: >
+    ('certificate not yet due for renewal' not in (certbundle_result.stdout | lower | default('')))
+    and ('certificate not yet due for renewal' not in (certbundle_result.stderr | lower | default('')))
+    and ('already issued for this exact set of identifiers in the last' not in (certbundle_result.stderr | lower | default('')))
+    and ('too many certificates' not in (certbundle_result.stderr | lower | default('')))
+    and ('the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default('')))
   failed_when: >
     certbundle_result.rc != 0
     and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
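Review bot: In the new changed_when every clause applies `default('')` after `lower`, so the default never guards the case it seems written for: if `certbundle_result.stdout` or `.stderr` were undefined, `lower` would already have raised before `default` ran; the protective order is `certbundle_result.stderr | default('') | lower` (the same ordering is repeated in the two `when:` conditions added in the -33,6 hunk of this file). Since a command task normally always registers both stdout and stderr this is latent rather than a live failure, but as written the filter reads as a safeguard it is not. The expression `(certbundle_result.stderr | lower | default(''))` is copied four times across the five clauses, so a typo in one copy silently changes which Let's Encrypt outcomes are reported as changed; that is worth a comment above the predicate, e.g. `# rate-limit and maintenance outcomes are deliberately not reported as changes`. The failed_when block continues past the end of the hunk, so I could not confirm whether the maintenance and "exact set" cases are exempted from failure the way 'too many certificates' is; if they are not, those runs fail anyway and the matching changed_when clauses are unreachable.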
@@ -33,6 +38,20 @@
       WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
       Certificate request skipped; please retry later.
 
+- name: Warn if LE rate limit (exact set) was hit
+  when: "'already issued for this exact set of identifiers in the last' in (certbundle_result.stderr | lower | default(''))"
+  debug:
+    msg: >
+      WARNING: Let's Encrypt rate limit for this exact identifier set was hit.
+      No changes recorded; retry after the indicated time.
+
+- name: Warn if LE rate limit (generic) was hit
+  when: "'too many certificates' in (certbundle_result.stderr | lower | default(''))"
+  debug:
+    msg: >
+      WARNING: Let's Encrypt rate limit reached ("too many certificates").
+      No changes recorded; adjust batching or retry later.
+
 - name: run the san tasks once
   set_fact:
     run_once_san_certs: true
\ No newline at end of file
diff --git a/roles/sys-svc-certs/tasks/flavors/san.yml b/roles/sys-svc-certs/tasks/flavors/san.yml
index 8e55552b..844d80e5 100644
--- a/roles/sys-svc-certs/tasks/flavors/san.yml
+++ b/roles/sys-svc-certs/tasks/flavors/san.yml
@@ -1,3 +1,4 @@
 # Neccessary encapsulation to pass performance tests
-- include_tasks: "_san.yml"
+- name: Include wrapped SAN tasks
+  include_tasks: "_san.yml"
   when: run_once_san_certs is not defined
\ No newline at end of file
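Review bot: Both new warning tasks only print a message, and the unconditional `set_fact: run_once_san_certs: true` that follows them still marks the SAN flow as finished, so a rate-limited run leaves the play with no fresh certificate and no machine-readable signal for later tasks — the include in san.yml is guarded only by `run_once_san_certs is not defined`, so nothing downstream can tell a skipped issuance from a successful one. Consider recording the outcome next to the warnings, e.g. a `set_fact: certbundle_skipped: true` task (name constructed) sharing the two rate-limit conditions, so tasks that deploy or reload on the certificate can check it instead of proceeding against a possibly expired one. The `when:` expressions here also apply `default('')` after `lower`, the ordering raised on the changed_when hunk above; `certbundle_result.stderr | default('') | lower` is the order that actually guards an undefined value. Whether a separate flag is wanted or the existing maintenance warning already handles this is not visible from the hunk.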