My domain is:
I ran this command:
certbot certonly --preferred-chain 'ISRG Root X1' --non-interactive --preferred-challenges dns --authenticator dns-standalone --dns-standalone-address=0.0.0.0 --dns-standalone-ipv6-address=:: --dns-standalone-port=53 -d '*.apps.k8s-lab.it.tufts.edu'
It produced this output:
Error creating new order :: too many certificates already issued for "tufts.edu".
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
I have reviewed
As you can see, the number of new (not renewal or duplicate) certs issued in a 7-day rolling window exceeded 50 on 2/14/2023, when 13 new certs were issued (not renewal or duplicate). There have continued to be dozens of new certs issued per day since that time, which should all be denied according to the rate-limits. How / why were these certs allowed to be created, greatly exceeding the rate limits? I repeat: The number of new (not renewal or duplicate) certs per day were:
And the 7-day sliding window greatly exceeded 50. The peak I see was 166 on 2/21.
A hacker was exploiting a public wildcard dns entry *.platform01.tufts.edu until 2/22/2023 when we removed it. Since DNS is under control now and the new certs per day is again under control, the 7-day sliding window should allow me to generate certs, but I am still being rate-limited.
How was the hacker able to obtain so many certs, exceeding the rate-limit? I think they should have been blocked, just like me, starting on 2/14, but as you can see from the crt.sh logs, they kept on generating dozens of certs per day.