Getting rate-limited on 61 subdomains


#1

Please fill out the fields below so we can help you better.

My domain is: 61 subdomains of mukurtu.net.

I ran this command: letsencrypt cert-only -c /etc/letsencrypt/cli.ini

It produced this output:
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: mukurtu.net
Please see the logfiles in /var/log/letsencrypt for more details.

My operating system is (include version): Centos 6.8

My web server is (include version): Apache 2.2

My hosting provider, if applicable, is: BlackMesh, Inc

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

It’s my understanding from https://letsencrypt.org/docs/rate-limits/ that a cert can contain up to 100 names. This request contains only 61, but I’m still hitting a rate limit of some kind.

My first thought is that the LE system thinks the domains are all distinct and therefore can’t register more than 20 per week. I’m not sure why it would come to that conclusion and how to fix it. These 61 subdomains were previously all covered by a single *.mukurtu.net wildcard cert.

The base domain (mukurtu.net) is not hosted on this server and therefore not included in the request. Could that be related?


#2

The issue here is not the number of domains included on that one certificate, but rather that you’ve requested 20 other certificates for subdomains of mukurtu.net in the last 7 days. You’ll have to wait till December 9th (exactly 7 days after you got your first certificate) to issue additional certificates

Rate limiting works on the registered domain level, so any subdomains of mukurtu.net would count against the rate limit for mukurtu.net. See the full docs on rate limiting for more details.


#3

I’ve found the real cause of the issue. The tech who came through before me tried to build a script to request the certs for each subdomain one at a time, thus running headlong into the rate limit.

This topic can be closed; thanks for all replies.


#4

Definitely make use of our staging environment for this sort of development in the future!


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.