PSL - too many certificates for domain


#1

Hi,

I opened a thread in July 2017 (PSL - too many certificates for registered domain), which has been closed due to inactivity.

Has there been any progress?
I’m still experiencing the same issue.

Thanks


#2

@cpu, could you please look into this issue? It refers to rate limits on evennode.com, where subdomains

eu-2.evennode.com
eu-3.evennode.com
eu-4.evennode.com
us-1.evennode.com
us-2.evennode.com
us-3.evennode.com
us-4.evennode.com

are already on the PSL.

@ceecko, do you have an example of a list of domains for which this error was recently returned?


#3

I will add it to my queue.


#4

@jsha IIRC you answered a question related to this recently. Is this something you know the answer to off-hand?


#5

This one?


#6

Yep, that’s the previous thread. Essentially, issuance for a parent domain gets checked against subdomains; in the case of issuance for a parent domain that is also a public suffix, there are likely to be very many certificates counting against the limit for subdomains. I think the right fix here is changing the renewal rate limit so that ordering doesn’t matter.


#7

@schoen I’ve tried the following

evennode.com
www.evennode.com

#8

@cpu @schoen do you need any more info?


#9

Hi @ceecko,

I understood the question to be resolved by @jsha’s previous answer. Apologies for not replying to say as much.

The order of renewal vs new issuance matters. We understand that it is difficult to coordinate for a parent domain that is a public suffix and need to fix that renewal calculation but it isn’t work slated for development in the short term.


#10

Thank you for replying, @cpu.
I think it’s important to mention that it’s not possible to issue or extend a certificate with new subdomains which are not part of the PSL. Adding a subdomain such as newsubdomain.evennode.com to the certificate is not possible because it requires issuance of a new certificate and that fails.

Basically, we’re stuck with the original certificate and cannot extend it :confused:
We’d be grateful if this received a priority but I understand there could be more pressing issues…
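
The counting behaviour described in replies #6 and #10, as an added Python sketch that is not part of the thread and is not Let's Encrypt's code. It assumes a limit of 20, ignores the time window, treats an identical name set as an exempt renewal, and uses a constructed PSL subset and issuance history; all function names are hypothetical.

```python
# Added illustration; a simplified model, not Let's Encrypt's implementation.
# Constructed PSL subset: "com" plus two evennode.com entries named in the thread.
PSL = {"com", "eu-2.evennode.com", "us-1.evennode.com"}
LIMIT = 20  # assumed limit per registered domain; time window ignored


def registered_domain(name):
    """Longest matching public suffix plus one label; None for a bare suffix."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PSL:
            return ".".join(labels[i - 1:]) if i else None
    return None


def count_under(issued, parent):
    """Count certificates with any name at or below `parent`, PSL-listed
    subdomains included (the parent-vs-subdomain check described above)."""
    return sum(
        any(n == parent or n.endswith("." + parent) for n in names)
        for names in issued
    )


def check_order(issued, requested, limit=LIMIT):
    """Classify a requested name set: 'renewal', 'ok' or 'rate-limited'."""
    if any(set(requested) == set(names) for names in issued):
        return "renewal"  # assumption: exact same name set is exempt
    parents = {registered_domain(n) for n in requested} - {None}
    if any(count_under(issued, p) >= limit for p in parents):
        return "rate-limited"
    return "ok"


# Constructed history: the platform's own certificate plus 25 customer
# certificates under a PSL-listed subdomain.
ISSUED = [["evennode.com", "www.evennode.com"]]
ISSUED += [[f"app{i}.eu-2.evennode.com"] for i in range(25)]

if __name__ == "__main__":
    print(count_under(ISSUED, "evennode.com"))
    print(check_order(ISSUED, ["evennode.com", "www.evennode.com"]))
    print(check_order(ISSUED, ["evennode.com", "www.evennode.com",
                               "newsubdomain.evennode.com"]))
    print(check_order(ISSUED, ["app99.eu-2.evennode.com"]))
```

In this model the customer names each resolve to their own registered domain, yet all 25 of their certificates still count when the parent evennode.com is checked, so only the unchanged name set goes through.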

