Maximal Certificate Request Reached for this Domain

AliR · October 2, 2020, 3:35am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gulberg.ddns.net

I ran this command: Add a new Certificate on my Synology DSM

It produced this output: Maximal Certificate Request Reached for this Domain

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: noip.com

I can login to a root shell on my machine (yes or no, or I don't know): NA

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

schoen · October 2, 2020, 3:42am

Hi @AliR,

That might match up with either of two different errors from the Let's Encrypt CA:

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com , the registered domain is example.com . In new.blog.example.co.uk , the registered domain is example.co.uk . We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued , possibly with additional details.

or

[...] a Duplicate Certificate limit of 5 per week. [...] Exceeding the Duplicate Certificate limit is reported with the error message too many certificates already issued for exact set of domains .

That is, it could be because of other people getting 50 certificates this week for other domain names under ddns.net (which seems very possible), or because of you trying successfully 5 different times to get a certificate for gulberg.ddns.net.

Is there any information in the DSM interface, or from your own recollection of what you did, that could help decide which it is?

In the first case (other people's activity), you might have to pick a different free domain name provider, wait a while and try again, register your own domain, or ask the ddns.net operators to try to get in touch with Let's Encrypt about the rate limits.

In the second case (your own activity), you should look for logs and documentation that will help make sure that you don't make the same certificate request over and over again. In this case you might have to wait for a week before trying again.

Based on this search

I think it's much more likely to be due to other people's behavior (reaching a rate limit for the shared research of the ddns.net domain name) than to your own actions, since it doesn't look like you successfully issued any certificates for this name recently.

petercooperjr · October 2, 2020, 3:01pm

Isn't ddns.net on the Public Suffix List?

hebbet · October 2, 2020, 3:23pm

yes it is:

github.com

publicsuffix/list/blob/8e4165f16ab5b00f3555a68f5e3cff1bd5d1768b/public_suffix_list.dat#L12557


serveexchange.com
servehumour.com
servep2p.com
servesarcasm.com
stufftoread.com
ufcfan.org
unusualperson.com
workisboring.com
3utilities.com
bounceme.net
ddns.net
ddnsking.com
gotdns.ch
hopto.org
myftp.biz
myftp.org
myvnc.com
no-ip.biz
no-ip.info
no-ip.org
noip.me

rg305 · October 2, 2020, 6:21pm

So if ddns.net is on the PSL and he has requested only one cert...

I need to know where/how this error message was produced:
"Maximal Certificate Request Reached for this Domain"

@AliR, Which ACME client are you using and what do the logs show?

system · November 1, 2020, 6:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.