Limitation of .jp TLD suffix

mattn · February 14, 2018, 6:31am

As long as I read the document of letsencrypt, it seems that the maximum number of certificates per domain depends are related on the suffix list. It should be related for the domains. But “.jp” TLD seems to be restricted as being bundled one domain. For example, all of DDNS service in japan which have .jp suffiex got already limitation. I’m not administrators of the DDNS service but I hope to use them. Should I ask the administrators for this issue? Or can I request to somewhere to fix the strange restrict?

_az · February 14, 2018, 6:48am

Definitely not the case.

Yes, this is possible if they are not added to the Public Suffix List. However, if you search the list for jp you will clearly see that it is there.

You should ask the owners of the DDNS .jp domains to apply to the PSL, this is how they can avoid the rate limitations.

For example, if you want to issue example.ddns.jp and test.ddns.jp with separate rate limits, then ddns.jp needs to be on the PSL. Hope that makes sense.

mattn · February 14, 2018, 8:06am

Thanks your quick reply. I’ll ask owner of DDNS service to add the domain to PSL.

mattn · February 28, 2018, 6:33am

The owner send PR to PSL. Thanks. BTW, how long does it take that new rate limit will be enabled?

mnordhoff · February 28, 2018, 7:02am

The big question is how much time will pass before the pull request is merged into the Public Suffix List. I'm not able to speculate about that, but you can look at other recently merged pull requests as examples.

https://github.com/publicsuffix/list/pulls?q=is%3Apr+is%3Aclosed

After that, the publicsuffix-go library will be updated, Let's Encrypt's Boulder software will be updated, and then Let's Encrypt will have to deploy it. You may need to ask the Let's Encrypt developers to perform the update, but that part of the process usually takes about 1-2 weeks.

mattn · February 28, 2018, 7:04am

good to hear that. thanks for your kindness.

_az · February 28, 2018, 7:11am

I am not sure the PR is in the right format:

The : on the first line has no spaces around it.
The email is not in the proper format (at instead of @).
The email line does not start with Submitted by.

I would guess that it will definitely be rejected in its current state. To save time you might consider fixing these issues before it goes for review.

system · March 30, 2018, 7:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why PSL limit at TLS not reached Issuance Policy	11	2500	January 22, 2017
Publicsuffix pull request help Help	5	1159	May 25, 2018
Limits in Public Suffixes List Help	4	1705	September 1, 2020
Subdomains letsencrypt limits quotas Issuance Policy	7	1146	February 9, 2022
Add dynamic DNS domain name to your top level domain list Feature Requests	2	3586	February 5, 2016

Limitation of .jp TLD suffix

Related topics