GoDaddy VPS host name change - ratelimit hit

GoDaddy changed the default host names for VPS servers. I can't generate a new cert as I keep getting:

An unexpected error occurred:
Error creating new order :: too many certificates already issued for: secureserver.net: see Rate Limits - Let's Encrypt

I understand secureserver.net is a primary GoDaddy domain. I am guessing that perhaps a number of people are trying to create new certs due to the host name change. Can the rate limit for secureserver.net be increased (or perhaps just temporarily increased)?

1 Like

Welcome to the Let's Encrypt Community, Eric! :slightly_smiling_face:

One moment...


@lestaff

This is a huge problem. GoDaddy uses the secureserver.net domain name for a very large number of services. I recommend immediately increasing the limit for secureserver.net.

3 Likes

isn't it godaddy's problem to fix, like adding to public suffix? not sure 3rd party can request either of those

5 Likes

It might become a problem for Let's Encrypt if the scale of traffic associated with the problem bogs down its infrastructure. We're talking potentially millions of endless retries.

3 Likes

Wouldn't most people be using GoDaddy for their own domain names? I'm not really familiar with GoDaddy's offerings, but if this is a name that they have separate users using separate subdomains of, shouldn't they just add it to the PSL? What exactly is this sudden "name change"? If many servers names have changed, wouldn't these "endless retries" be for their servers' old names?

Maybe just start at the beginning and use small words about what the exact problem is; I'm a little under the weather today :sneezing_face: and I'm probably missing a bunch of context. Regardless I would expect that action/requests would need to come from GoDaddy's side first.

4 Likes

GoDaddy has no responsibility or concern with their users using Let's Encrypt certificates. However, its users' actions for acquiring certificates for subdomains of secureserver.net could pose a problem for Let's Encrypt. The use of the PSL for this purpose is considered bad practice.

3 Likes

@efoertsch, is there any other domain name you can use?
[that one doesn't belong to you and can be take away without notice]

3 Likes

Full disclosure. What I know about web servers is basically what I gleaned from online blogs and StackOverflow.
So the non-profit organization I did this work for does have a web presence/domain name - also with GoDaddy. So can I just create a subdomain, and rename the VPS server to the subdomain name to get around the limit problem?

The use of the PSL to bypass rate limits is bad practice, but the rate limit is just why it got mentioned here, not why it would be added to the PSL. Two subdomains of secureserver.net are different sites, just like subdomains of a TLD, so it should be on the PSL. Unfortunately, only the owner of a domain can request its addition, and it doesn't seem likely that GoDaddy will do that.

4 Likes

I get where you're coming from. :slightly_smiling_face: Unfortunately, if every business/scheme tried to treat subdomain names of their apex domain name as different domain names from a TLD perspective via the PSL because they want to "sublease" the subdomain space of their domain name then the PSL would grow immensely out of control. From a pragmatic standpoint I agree with your analysis though.

3 Likes

The above discussion of PSL and TLD are completely over my head.

I was able to create a subdomain, pointed to the VPS server (didn't need to change the GoDaddy default VPS server name) and created the new cert with no problem.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.