Rate limits and DDNS subdomains


#1

Although I have a couple of registered domains which LE works fine with, I also have a few dynamic dns subdomains which I have been encrypting with LE certs via a single LE account key. Today I tried to use a different account key to create certs for an unrelated set of subdomains but was told the “linkpc.net” domain already has exceeded the LE rate limit. This brings up a difficult issue if LE really wants to encrypt the whole internet. Many (most?) home users of LE certs are going to use DDNS services to access their home LAN remotely, meaning they will be sharing the same SLD with hundreds or thousands of other ddns users. If LE is basing rate limits on SLDs instead of subdomains for ddns service providers most ddns users are going to be unable to issue certs for their domains. Am I missing something?


#2

It’s up to the DDNS provider to either request a rate limit override or add their domain(s) to the public suffix list. As an end user you can ask your provider to do so, or choose a provider that has done so already.


#3

Yep. You can see an example of this by opening up https://publicsuffix.org/list/public_suffix_list.dat , and scrolling down to the line starting with:

// No-IP.com : https://noip.com/

That will have a selection of DDNS domains you can use with absolutely no shared Let’s Encrypt rate limits.


#4

Thanks so much, I had no idea this list existed. Unfortunately DnsExit (owner of linkpc.net SLD) isn’t included so I will alert them.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.