Please increase limit on domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vitrinabox.com

I ran this command: (not known)

It produced this output: (not known)

My web server is (include version): (not known)

The operating system my web server runs on is (include version): (not known)

My hosting provider, if applicable, is: godaddy.com

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I am using a 3rd party service of bunny cdn that in turn uses your service to create free ssl for your subdomains with only a cname registration on our part. This is currently restricted to 50 registrations per week for subdomains as I understand it per domain. Is there a way to increase the limit for our domain of vitrinabox.com?

1 Like

Hi @Periklis and welcome to the LE community forum :slight_smile:

The easiest way (there may be other ways) is declaring the domain as a public domain and having it added to the PSL. This would automatically make the limit on that base domain equal to all other base domains.

3 Likes

@rg305 Thank you for the quick reply and for the warm welcome. May I ask what's the limit going to be if I manage to add the domain to the PSL?

2 Likes

There are no limits on any base domains (just like: .com, .org, .net etc.)

2 Likes

Note that the Public Suffix List affects more than just Let's Encrypt; it's also used by like web browsers to figure out what sites can set cookies for what other sites. (Like sub.example.com can set cookies used by all of example.com because the main suffix is .com and example.com is assumed to own all its subdomains, if I understand correctly.)

The Rate Limits page does link to a form that can be used for requesting a higher rate limit for the domain, if I understand it correctly (some rate limits can be raised and some can't), but I think the request would need to come from the domain owner. The request to be added to the PSL probably also would need to come from the domain owner, too, I believe.

2 Likes

Okay so that means it could theoretically be excluded from all the limits. Last question, do you know how long it takes for the pull request to be accepted ? We need a fix for that relatively soon since we're in need to deploy client accounts this month.

1 Like

Thank you for your reply. We are already creating sub domains with a wildcard SSL and that seems to be unlimited from within azure. We only need this for the 3rd party service of bunny cdn that we're using who uses let's encrypt as a way to create custom ssl for our domain. Do you think that registering the domain will in PSL will affect the current ssl certificates we have issued in some way?

1 Like

I wouldn't count on either the rate limit form nor the Public Suffix List being updated within a month. (And even after the PSL is updated, I don't think Let's Encrypt picks up new versions extremely quickly.)

I'm not familiar with that product, but if you already have a wildcard cert, I might see if you can just use such a wildcard cert with that product. Trying to make a ton of subdomains each with their own cert, if you own them all, may be more a headache than it's worth.

I wouldn't expect so.

5 Likes

Time for some expectation management at the management :wink:

3 Likes

I think you would do better by issuing a single cert with up to 99 wildcard entries in it for all your subdomains. With any luck that should cover all the subdomains that the bunny cdn service would need to serve. All you would then need to do is work with the bunnies to get them to use that one cert (until a more dynamic, and permanent, solution can be established).

5 Likes

Thank you @rg305 and @petercooperjr. I will be going towards uploading custom wildcard ssl on the bunnycdn service instead of trying out with the limit here since it is, as I understand it now, the best solution. I want to say you both gave the solution although I couldn't mark both answers as such.

4 Likes

We look at and deploy rate limit adjustments weekly! And if we are not able to give you a rate limit adjustment, we will also email you the reason why. While this could change in the future, this is how we currently have the process set up.

Feel free to use the adjustment form on the rate limits doc!

6 Likes