I am using letsencrypt to generate the ssl certificate for my subdomain (domain is :stackwaysapps.com ). I am using DNSIMPLE to generate the cerficates for my subdomains but i am facing an issue that " Installer nginx\nObtaining a new certificate\nAn unexpected error occurred:\nThere were too many requests of a given type :: Error creating new order :: too many certificates already issued for: stackwaysapps.com: see https://letsencrypt.org/docs/rate-limits/\nPlease ". I am using n number of subdomains for my projects but the rate limit is only 50 , so is there any way to increase rate limit to n numbers or any other tool which i can integrate with DNSIMPLE to increase n number of ssl cerficates
no, for this error it's only 5. it's telling you you have already issued 5 valid certificates for that name exactly.
You should tell your acme client to use the certificates it has already, and not force-reissue the good ones when obtaining other ones for different names
ok, I see you really are against that rate limit: letsdebug-toolkit
I can offer two options:
- use more than one subdomain in a certificate (up to 100)
- use a wildcard certificate (but... do you really want to disseminate that?)
a third option becomes available but only if you host those apps for other people and have no control on them. If you confirm, I'll tell you about it.
yes i am intrested in it and i can use third party tool also it will feasible for us @9peppe
It's not something to do lightly and it's probably irreversible. You might want to register a domain for this specific purpose, because you won't be able to use your apex domain anymore (you won't be able to get a certificate, at least).
Read here and be extra sure you need this before pulling the trigger.
can you please explain about the third option because our crietria is that we have a web app through which user create the server and deploy application on those servers and we enable https on their domain
The third option makes it so that the limit doesn't apply to your domain but to each of your subdomains. It also means you can't get a certificate on your main domain.
If you are giving subdomains to other people, it can work.
If they use their domain and not yours, it doesn't matter, because you can make an http-01 validation and use their domain.
Is wildcard certificate works in our case ? or is it possible that we redirect all subdomain to https from http rather than apply ssl on them @9peppe
I am not sure I understand you. Yes, a wildcard certificate works.
A redirect can be done, depending on your software.
we provide users a server on diff.-diff. cloud providers (like Digital ocean , linode ,etc) and they install application on them (like drupal,wordpress,magento,etc) and we point their application on a subdomain of our domain so for those subdomains i want ssl certificated in bulk ......we provide user a dummy subdomain @9peppe
You cannot use a wildcard in that case. Too many people would have access to the private key.
You don't need recognized ssl certificates for the dummy domain, just use a self signed one. Only the proper domain, your client's one, needs an actually recognized certificate.
what is staging environment Rate Limits and can we implement this :
The staging environment uses the same rate limits as described for the production environment with the following exceptions:
- The Certificates per Registered Domain limit is 30,000 per week.
- The Duplicate Certificate limit is 30,000 per week.
- The Failed Validations limit is 60 per hour.
- The Accounts per IP Address limit is 50 accounts per 3 hour period per IP.
- For ACME v2, the New Orders limit is 1,500 new orders per 3 hour period per account.
heyy i am waiting for your response
Please be patient, your previous reply was only 3 hours ago. Note that this is a Community with mainly volunteers.
You can also use staging certificates, but it doesn't make sense, browsers don't recognize them. Better to go for self signed.
yes when i used staging ssl certificate browser said that it is not vaild
so what is use of staging ssl certificates
self signed certificates work but their is rate limit for it
Please read the documentation:
if staging will not work for us so please guide what is the best way to get unlimited rate limiting