Problem attempt create certificate for .sp.gov.br domains

tks for your reply :wink:

What would you think about also presenting the topic to CGI?

1 Like

The CGI has thrown the responsibility of .gov.br domains control to the state governments that register the domains of the municipalities, I believe they will not be able to help us in this matter, I find it easier to solve the problem by increasing the limit for domains that have .gov do not think ?

I contacted PRODESP responsible for .sp.gov.br, I copied it in the email, okay? :wink: Tks!

I’ve replied to your e-mail to try to explain to them why the Public Suffix List would be a good solution in this case.

2 Likes

It’s very difficult to talk to the Prodesp people, but I’m trying … It’s hard to be without a certificate lol kkk rs

There might also be some sensitivity about this topic because of the AC-Raiz Brasileira, which is not accepted by default by major browsers, but I have the impression that the people operating it wish it would be more widely used by Brazilian government entities.

1 Like

No solution to the problem … unfortunately, let’s change our domain to.com.br or buy the certificate

Did you get any reply from PRODESP?

I’m sad to just let this fail, because we can see that the problem arose because many municipalities are actively using the service:

https://crt.sh/?Identity=%.sp.gov.br&iCAID=16418

So Let’s Encrypt is already popular with other municipalities in your state, and each one will potentially have the same kind of problem that you did in the future.

2 Likes

The Brazilians do not have the same sense of solidarity that you Seth, unfortunately … I think it’s an insoluble issue, they do not have a direct channel, I do not think Prodesp knows what https:

Sabe essa lista que você me mandou os do webmail.pereirabarreto.sp.gov.br eu que criei mais cedo, será que têm como remover/revogar.

Vou responder em inglês para que outros entendam:

Revoking a certificate does not affect the rate limits at all; they are calculated on the basis of new issuance of certificates, not on the basis of the total number of certificates in existence. This also means that if people wait long enough, they may be able to issue new certificates even when many other certificates exist.

https://letsencrypt.org/docs/rate-limits/

The rules are a little bit complex, but the most important thing for these purposes is that revoking existing certificates won’t change the rate limits or allow more new certificates to be issued.

1 Like

I would really like to try to bring this up with some other entities. It's hard to me to believe that there isn't some potentially responsible entity that would care about this.

1 Like

I have the same problem here.
I'll try to get the email of prodemge. They administer the domain mg.gov.br.
mydomain is lagoasanta.mg.gov.br.

Hi @LucianoECunha,

I will send you a copy of the longer note in Portuguese that I sent to Prodesp. It hasn’t produced a useful response so far, but maybe the additional arguments and explanations there will be helpful to you in your discussions. (Feel free to send my message to anyone else if you think it may be useful.)

Also, if one state decides to act on this, maybe that fact will then be useful in the future with other states.

1 Like

I’m also now actively trying to find a contact to approach at CGI.br about the issue.

1 Like

I think we have almost managed to get in touch with someone there. :slight_smile: Of course, that doesn't mean that this is guaranteed to lead to a solution.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Since I am a forum administrator, I'm allowed to respond to a thread that is marked as closed. :slight_smile: (Uma versão em português segue abaixo.)

I wanted to share the good news that @pmoreira on this other thread

managed to make progress getting Registro.BR to list the governmental domains at UF-level on the Public Suffix List.

According to @cpu's estimate, the change should take effect for Let's Encrypt around June 22. After it does, it should be possible to get a much larger number of certificates for domains at the municipality level.

There are still rate limits that will exist

However, the certificates per registered domain limit will be calculated at the municipality level, instead of at the UF level, once this change takes effect.

2 Likes

Para os leitores que prefiram português:

Sendo administrador nesse fórum, posso responder até num tópico já fechado. :slight_smile:

Gostaria de compartilhar umas boas notícias. O @pmoreira nesse outro tópico

conseguiu persuadir o Registro.BR a pedir a inclusão na Public Suffix List dos domínios governamentais ao nível das UFs. O pedido já foi feito e aceito pela PSL.

De acordo com a previsão do @cpu, essa atualização deve ter efeito na Let's Encrypt aproximadamente no dia 22. Depois disso, será possível obter uma quantidade muito maior de certificados para domínios no nível dos municípios.

Há limites de frequência de emissão que ainda se aplicarão:

Entretanto, o limite de certificados por domíno registrado será aplicado no nível de município em vez do nível estadual, após a atualização da PSL.

1 Like