DynDNS Service - Rate Limit

Hello all,

I'll try to keep this short.
I have started a new free DynDNS service in Germany. Everything works great, until now of course the first support requests come in that I have reached my domain limit at Lets Encrypt.
"Error creating new order :: too many certificates already issued for "home64.de". Retry after 2023-01-26T08:00:00Z: see Rate Limits - Let's Encrypt"

I have 14 domains and for at least 5 of them I already run into the limit. The ACME.SH v2 API integration is ready on my side, but I'm still waiting for acme.sh to implement the pull request.

I have filled out the Let's Encrypt Rate Limit document, but I get a message from support that I should contact them here. I don't understand why, but okay.

Can anyone help me how to set Let's Encrypt to a higher rate limit with 14 domains?

Website: https://ipv64.net
DynDNS Domains: "ipv64.net"
"ipv64.de"
"any64.de"
"eth64.de"
"home64.de"
"iot64.com"
"lan64.com"
"nas64.com"
"srv64.com"
"tcp64.com"
"udp64.com"
"vpn64.com"
"wan64.com"
"eth64.com"

Error:
An unexpected error occurred:

Error creating new order :: too many certificates already issued for "home64.de". Retry after 2023-01-26T08:00:00Z: see Rate Limits - Let's Encrypt

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Whether the rate limit document or via email I get told to report here.

Many thanks and greetings
Dennis Schröder

Hi @IPv64, and welcome to the LE community forum :slight_smile:

The rate limit document asks for account number OR domain.
Perhaps you filled in both fields.
If so, that will trigger such a failure.

If you are offering public access to these domains, you should register them with the Public Suffix List. See: Public Suffix List

And be prepared to wait.
Nothing in this space is done overnight.

3 Likes

This is probably the most important step. Not just for Let's Encrypt rate limits (the PSL will deny the request to be added to their list if you cite LE rate limits as the reason), but for security reasons. If different users are using subdomains under the same domain name, the domain names should be on the PSL.

It also happens that LE uses the PSL for their rate limit calculations, but that's more "a coincidende".

3 Likes

Okay, thanks so much for your super quick responses. I wanted to register in this Public Suffix List not quite 2 weeks ago.
The pull request is still open and I am waiting for feedback.

Then I have done everything that can be done at this point. I will have to wait, thank you.

Thank you
Dennis

1 Like

Best of luck!
Cheers from Miami :beers:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.