Reached rate limit due to suffix not being in Public Suffix list


#1

Hi everyone. I am trying to get a SSL certificate to host WebODM in a server located in dc.uba.ar (via Let’s Encrypt). However, when I try to do so, I it produces the following output:

There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: uba.ar: see https://letsencrypt.org/docs/rate-limits/

I understand that Let’s Encrypt uses the public suffix list to calculate the registered domain. However, I don’t see uba.ar as a suffix, probably because it’s a very old domain which belongs to University of Buenos Aires, and it’s not registered at the public suffix list because it was created even before the Network Information Center Argentina was born.

Since it’s a bureocratic pain for us (a small research group in UBA) to ask our goverment to add uba.ar to the suffix list just to use Let’s Encrypt, I was wondering if there is a way that Let’s Encrypt adds it to the list they consider as a suffix.

(I’m sorry if this message doesn’t belong here. If it doesn’t, could someone tell me where / who should I write to?)

Thanks in advance.


#2

You may request an ACME account-based or domain-based rate limit exemption if you have a legitimate need. The link to the application form is on https://letsencrypt.org/docs/rate-limits/ .

It can take a few weeks for it to be processed.


#3

A stupid question, why do you need to ask your government? You need to ask the owner of uba.ar (so University of Buenos Aires), not the owner of .ar.

Note that the public suffix list has other implications that Let’s Encrypt: for example, cookies: https://publicsuffix.org/learn/