Cu.ma limit increase

I am using ...cu.ma as hosted by googiehost.com. I can never get a SSL certificate. Can you increase the limit? I wonder how many people can't use the service. It's free so likely to be popular. When is the limit reset? Thanks

Sorry. The hosts at Googiehost may be able to help better!

My domain is: mayocoin.cu.ma (cu.ma is operated by Googiehost)

I ran this command: Tried to set a "Let's Encrypt" SSL

It produced this output: Error message: Weekly Rate limit of 200 for 'cu.ma' has been reached

My web server is (include version): There are two dashboards (same result)

"DirectAdmin" and I think a modified "cPanel"

The operating system my web server runs on is (include version): ?

My hosting provider, if applicable, is: Googiehost

I can login to a root shell on my machine (yes or no, or I don't know): unlikely

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

"DirectAdmin" and I think a modified "cPanel" No version numbers - same result

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No idea

I believe it's just a matter of supply and demand. It's a free hosting service with no charge for SSL so demand will be high.

Thanks

1 Like

Weirdly enough crt.sh shows that there have been no issuances for cu.ma domains for the last 3 years. But querying for your domain directly shows that there have been issuances very recently. Peculiar. Perhaps someone on this forum knows what's up with crt.sh?

I see that cu.ma domain is not on the Public Suffix List, it would be wise for Googiehost to register it as such. Or they can apply for increased rate limit for that domain.

I can also see that the certificates for your domain come from ZeroSSL. This community does not provide support for users of certificates from that Certificate Authority.

All in all you should probably take this issue up with your host

1 Like

Just from my own experience crt.sh responds poorly with large numbers of results. I have had slightly better luck using the advanced options of "exclude expired" and "deduplicate".

With those set for cu.ma I saw many results but the most recent issuance was in Sept.

You might have better luck with Censys in these cases. There is also link for this in the crt.sh advanced options.

4 Likes

@Nekit crt.sh can have some trouble with showing all certs if there are way too many certs available. For some reason, it doesn't show the most recent certs in that case, but older ones. For example, Google shows more recent certs: Google Transparency Report (and probably isn't complete either).

4 Likes

I appreciate I might be talking to the wrong people (I'm guessing you're friendly, knowledgeable volunteers so thanks for the tips).

Clearly someone has had more luck than me recently CN=ftp.saquib007.cu.ma - Censys so I doubt Googiehost will do much expect escalate it here or tell me to wait.

So my original question remains (possibly for a quota admin).

A few things:

  • Only the organisation of a certain domain can request an exemption from the regular rate limits. See Rate Limits - Let's Encrypt.
  • It sounds like this domain cu.ma should be on the Public Suffix List (PSL) if multiple users can get subdomains from it. Currently, (i.e.: not on the PSL), this is a security risk, mainly due to cookie stuff. As a by product, if a domain is present on the PSL, Let's Encrypt handles the usual rate limits for a domain differently. Note that any request for adding a domain on the PSL cannot be motivated by Let's Encrypt rate limits. That's not the purpose of the PSL. It's just a by product. There must be proper reasons for a domain to be present on the PSL.
3 Likes

Google shows 93K+ certs having been issued to that domain.
Do you really need to use that domain?
[there are so many other domains out there - including free ones]
If you only need the one cert for the single FQDN, then you could try and try and try (until you get it).
But if you need more than one cert, I would suggest using another domain (don't waste your time).

2 Likes

Thanks. Sounds pragmatic. It is just the one domain. Any reasonable freeby hosts with letsencrypt certificates?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.