Hi,
I’ve been trying to get a certificate for my domains (they ends in .dynu.com) and when I am not using the stagging server I get the error that says:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates
already issued for: dynu.com
Now, I know there are the certificate limits and I decided to wait for another day to try to get the certificates and the result is the same.
At the time I write this messages, crt.sh shows only 2 new certificates were issued for domains ending in ‘.dynu.com’:
I thought the limit was 5 per domain per day. I even tried right after midnight last might (actually at midnight in each time zone in the US) and it did not work, but I see others certificates with the same domain issued today…
All my subdomains end in freebird.dynu.com, and if I search for the certificate (at the time of this writing), crt.sh shows:
Criteria Identity LIKE '%freebird.dynu.com'
Certificates None found
Can anyone tell me why I am having trouble with this?
Unless dynu.com is on the Public Suffix List (it’s not, but dynu.net is), the query you need to be running to see certificates hitting this limit is: https://crt.sh/?q=%.dynu.com.
There are two similar limits; one is certificates to identical sets of names, and the other is certificates for the same base domain name. You’re hitting the latter, which is certificates issued for dynu.co and is 20 per 7 days. Bear in mind that renewals count against this limit, but are not restricted by it, so anyone who already has a certificate can renew it without issue, even past these rate limits, but that can prevent you from issuing a new certificate.
Also moved this to help, a more relevant category.
For anyone else having this issue, I will post the answer I got today from dynu.com:
Dear Marcelo,
Thank you for choosing Dynu!
Thank you for pointing this out. dynu.com is excluded for security reasons.
We are continually working on making our services better and your feedback is very important to us. If you have any questions, comments or suggestions, please contact us at:
Support: https://www.dynu.com/Support
Facebook: https://www.facebook.com/DynuSystems
Twitter: https://www.twitter.com/DynuSystems
Google: https://plus.google.com/+DynuSystems
Best Regards,
Customer Service
Dynu Systems, Inc.
Website: http://www.dynu.com
Email: service@dynu.com
If dynu.com is a public dynamic DNS service, it would probably be better for security to list it in the PSL, rather than worse! However, I’m not sure how to persuade the operators of that.
Agreed! I don’t know why they decided it was a security concern. If that was the case they should have prevented users to use their main domain and force them to use the alternative ones…
Anyway, I’ve been using dynu.com for quite a while now. I guess I will have to wait until the beginning of the week for the week limit to expire and try again to get my certificates. My only question is, when does the new week start exactly? Sunday or Monday? I guess it will be Pacific Standard Time…
It’s actually a rolling 7-day (168-hour) limit. A nice tool to calculate the current rate limit more precisely based on public data is
Then you can make your request right at the beginning of the new rate limit window. (Of course, I wish there were some way to persuade the domain operator to list on the PSL instead.)
DYNU is currently offering free dynamic DNS services under 17 different domains:
If you are not married to your DYNU.COM FQDN, then you could just switch to any of those domains (that are already on the PSL).
Or keep the http://yourname.DYNU.com vhost (without SSL) and simple forward that to a new https://yourname.<pick one of the 17 domains> site with SSL.
Thanks for all the help! I would have been driving myself crazy without all the information you all gave me!
I finally used lectl to discover I had to wait until a while ago to overcome the week limit, so I did. I requested the certificate and I finally could obtain it, so all is good!
Thanks everyone again!
