Problem with limits

We are experiencing an issue with generating certificates for subdomains vis AutoSSL at cPanel. We create hosting accounts for our clients as subdomains in the format xxx.exmaple.com. Since we have a large number of accounts, the number of subdomains is also quite high. Even for new Account IDs, certificates are not being generated.

Unfortunately, our requests to increase the limit are constantly being rejected. This is despite the fact that similar requests for other Account IDs were approved without any issues. Currently, for a new server that has only a few dozen domains so far, our request for a limit increase has been rejected, and we are receiving the following error: MASTER DCV: A rate limit prevents DCV.

Do you know how we can resolve this issue?

Perhaps use a single wildcard certificate for all subdomains?

Consider supplementing with additional Free ACME Certificate Authorities

Unfortunately this error message comes from AutoSSL and is not very specific as to which rate limit is being hit.

What exactly is your question? What do you want to have resolved? Know why your rate limit requests are being denied? Because if you want more specific help with this specific rate limit you're hitting, we'd need to know the actual rate limit error.

I have an error message like this:
AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/2182938635) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (too many certificates (50) already issued for "example.com" in the last 168h0m0s, retry after 2025-02-19 13:32:55 UTC: see Rate Limits - Let's Encrypt)) You may contact Let’s Encrypt to request a change to this rate limit.

Unfortunately, using a paid wildcard certificate is not a solution because cPanel does not support it. I want to achieve a situation where there will be no issues generating SSL certificates for subdomains.

For example, we create a client account for the subdomain: login.example.com.

cPanel immediately creates additional subdomains:
• mail.login.example.com
• www.login.example.com

And here the problem arises because the certificate is generated for only one of these three addresses.

When a client adds their own domain to the account, for example, mojadomena.com, cPanel additionally creates more subdomains under the main domain:
• mojadomena.com.login.example.com
• www.mojadomena.com.login.example.com

Thus, the number of subdomains quickly increases and higher limits are required to generate certificates for subdomains of the example.com domain. Otherwise, the AutoSSL service stops and does not generate certificates for client domains, such as mojadomena.com.

A few points:

• Let's Encrypt wildcard certificates are not paid, they are free like all certificates we offer.
• The cPanel AutoSSL Let's Encrypt provider does support wildcard certificates.
• The error message you got includes a link to our Rate Limit Documentation, which includes both advice on how to avoid getting rate limited, and links to our form where you can request rate limit overrides. Please read that documentation.

In the scenario above, are all client domain configurations under example.com ?

i.e:

client1.example.com
www.client1.example.com
mail.client1.example.com

client2.example.com
www.client2.example.com
mail.client2.example.com

If that is the case, you should apply for your domain to be on the PublicSuffixList

that will get you past the ratelimit issues , but more importantly protect your users from exposing data to each other through cookies.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.