Mooo.com rate limit

I am trying to obtain new certificate since I have migrated to a new dynamic dns domain; from ddns.net to mooo.com but I am getting a rate limit I have tried this since January 21, uptill now I still get rate limit however whenver I go to the https://crt.sh/?q=%mooo.com I still see that others have successfully obtained new certificates ?how is this possible? I still have the mydomain.ddns.net certificate can I use it to change/add domain to mydomain.mooo.com?

What is the full error message you are getting?

mooo.com is not on the public suffix list, which Let's Encrypt uses to determine rate limits, so using it with Let's Encrypt may not be a good idea unless the domain owner submits it to the PSL. ddns.net IS on the PSL and has higher rate limits.

The error states that rate-limit si sxceeded for the mooo.com domain.
It is owned by freedns.afraid.org a dynamic dns service. I am going to upload a copy of the error log later.

Hi. I've split these posts into a new thread, since they concern a different domain. :slightly_smiling_face:

It depends.

Some of them are probably, by coincidence or careful timing, creating certs right when the rate limits allow it. (Like when only 19 certificates have been issued in the previous week because the 20th is 1 week and 1 second old.)

Some of them are renewals of existing certificates, which fall under the Renewal Exemption to that rate limit.

If you carefully analyze the CT records, or use a program like lectl to do it for you, you can find out exactly when you can try to create a new certificate, if no one beats you to it. (After that, you would have no problem renewing it.)

The domain owner should submit their domain to the Public Suffix List or apply for a rate limit exemption from Let's Encrypt.

If they're unwilling or unable to, you could switch to a domain that is less popular, already exempt, or already on the Public Suffix List.

I've already emailed the owner about adding the domain to the Public Suffix Link and now waiting for a reply. Thank You

So I tried to obtain certificate this morning still with the error:

sudo certbot certonly --standalone -d XXXXXX.mooo.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for XXXXXX.mooo.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/XXXXX_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/XXXXX_csr-certbot.pem
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: mooo.com: see Rate Limits - Let's Encrypt
Please see the logfiles in /var/log/letsencrypt for more details.

So I tried to use lectl to determine when I can obtain a new certificate for the ‘mooo.com’ domain and I tried it last night and this morning the results. Last night it says I can obtain certificate at Jan 26 and now it says Jan 27? I have yet to receive a reply to the administrator of freedns.afraid.org to include the mooo.com to the PSL.

Other people keep renewing certificates, so I guess the number will keep changing. :slightly_frowning_face:

https://crt.sh/?q=%mooo.com

I thought the renewals have higher rate limits?

Sort of. Renewals can be issued when some of the other rate limits are exceeded, but the renewals will still count against the rate limits, preventing new certificates from being issued.

(Let's Encrypt is working on improving the situation, but it's complicated.)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.