How to avoid rate limit

Hello,

I am using cPanel/WHM and have run into the following problem, please advise.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
mixh.jp

I ran this command:
I tried to renew my certificate with cPanel.

It produced this output:

[2024-03-25T20:36:27Z] AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/1637041807) has reached a rate limit. (429urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for "mixh.jp". 
Retry after 2024-04-01T19:00:00Z: see https://letsencrypt.org/docs/rate-limits/)) You may contact Let’s Encrypt to request a change to this rate limit.

My web server is (include version):
LiteSpeed 6.0

The operating system my web server runs on is (include version):
CloudLinux 8

My hosting provider, if applicable, is:
I'm hosting provider in Japan.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes.
WHM 11.118.0.4

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I do not use Certbot.

My customer's SSL certificate could not be renewed successfully with the error outputting a large number of errors.
I am giving away the domain "mixh.jp" for free to my users, and I have about 10,000+ subdomains, on multiple servers.
I tried to request a rate limit relaxation via the form but that did not work.

How do I renew all of my clients' certificates without restrictions?

Please advise.

Hello @kamiya, welcome to the Let's Encrypt community.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

But you should be able to state the name of the client and its version

Check Rate Limits - Let's Encrypt and consider filling out rate limiting form

Also consider if you can use https://publicsuffix.org/

Please be aware any of these will take time..

Hello @Bruce5051,

Thank you for your answers.

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

But you should be able to state the name of the client and its version[/quote]

I am using a feature bundled with the dedicated hosting software called cPanel/WHM.
The software is the aforementioned version, I am using "WHM 11.118.0.4".
Unfortunately, there does not appear to be a way to use a staging environment with this software.

Check Rate Limits - Let's Encrypt and consider filling out rate limiting form

I tried to order from the rate limiting form to ask for the limit to be lifted but I get the following error:

No Overrides Possible
The error you are receiving has no possible overrides. 

Is there something wrong with my application process?

Also consider if you can use https://publicsuffix.org/

Can you please tell us the specific use of the PSL?

Regards,

Your domain name mixh.jp would act as though it were a TLD.
Thus increasing the limits for your users, it would be as each had their own domain name.

@kamiya there are also other Free ACME CAs.

Thank you for your clear answer.
If I register "mixh.jp" in PSL, does it mean that rate limits are applied to each user's subdomain?
What steps are necessary to register "mixh.jp" in the PSL?

Unfortunately, it is not possible to change the ACME because Let'sEncrypt is closely integrated with the panel functions bundled with the cPanel/WHM software.

That is how I understand it.

Check here Submit amendments to the Public Suffix List

If more knowledgeable Let's Encrypt community members correct what I have presented,
by all means take their advise.

Using the Public Suffix List is probably better for you as that registered name is being shared by different customers. It is described here. It will possibly affect how cookies by your customers are handled so be sure to study it.

Other than the PSL, based on the dates in your first post you issued 50 certs for the registered name mixh.jp. That is the default limit for certs for a single registered name.

You should be able to request a rate limit to allow more especially as a hosting provider.

Some of the other limits cannot be extended but this one should be. I provide a sample below. Is this how you filled out the form?

Were you trying to issue a very large number of certs in a short time? Because you would still need to pace requests to avoid the "hard" limits (like 300 new orders / hour). See Rate Limits - link here

image2112×984 165 KB

Thank you for your answers @Bruce5051 and @MikeMcQ .

I will take action to register the domain on the Public Suffix List.
Can you tell me for reference how long this will take to register?

We are currently working around the issue by using a different certificateprovider, but the deadline with the cPanel/WHM hosting software is expected to be around December of this year.

Apparently I have been checking the wrong items.
I selected "too many certificates already issued" and the form to apply appeared.

Hello,

I applied for a Rate Limit Adjustment Request via the form.
However, after one day, I have not received any response to my registered email address.

Is there any way to check if my application was correctly submitted?
Is there any other way but to wait for a response from Let's Encrypt?

Regards,

Please read the information that’s provided on the rate limit form regarding our response times.