Request for Certificate Issuance Limit Increase

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Is it possible to increase the SSL certificate generation limits for our domain domenomania.eu?

We are a hosting company, and we set up all cPanel hosting accounts in technical subdomains such as: XXXX.domenomania.eu

Where XXXX is the client's login.

Unfortunately, we are constantly receiving SSL generation errors in the form of: MASTER DCV: A rate limit prevents DCV.

Is there a way to raise the limit for our subdomains that our clients want to use?

My domain is: domenomania.eu

I ran this command:

AutoSSL via cPanel/WHM

It produced this output: MASTER DCV: A rate limit prevents DCV.

My web server is (include version): Newest WHM and cPanel

The operating system my web server runs on is (include version): CloudLinux Shared Pro 8

My hosting provider, if applicable, is: I'm the hosting provider

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Newest cPanel and WHM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Well, it'd be more helpful if your client would give you the actual error message that Let's Encrypt is sending, but if you have a lot of subdomains under one registered domain then it certainly is possible that you're running into some rate limits. The documentation lists all the limits, and the process to request a higher one:

If your subdomains are controlled by different parties, and they shouldn't be able to do things like set cookies for each other's sites (that is, there should be some security boundaries between the different subdomains), then you may also want to investigate getting it added to the Public Suffix List (PSL). That is also used within Let's Encrypt's rate limit calculations, but you shouldn't request to be added to the PSL just because of rate limits, but only if you need the other security boundaries that applications like web browsers use the PSL for.

https://publicsuffix.org/learn/

7 Likes

So what is an exact way to increase our limits? I've read info on the page you sent me, but I didn't find any clue.

Please read it more carefully, especially the "Overrides" paragraph.

Also, see the part about the PSL for security reasons above. You don't want your users to be able to set supercookies for your base domain name.

3 Likes
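
The Public Suffix List point raised in the replies above, as an added example that is not part of the original thread and is not Let's Encrypt's or any browser's code: it applies the PSL matching rules to show how hostnames are grouped into registered domains and when a cookie scoped to the base domain is accepted. The rule set is a small constructed subset, the client logins `alice` and `bob` are made up, and the `domenomania.eu` entry is hypothetical, included only to show what a listing would change.

```python
from collections import defaultdict

# Constructed subset of Public Suffix List rules; the real list is far larger.
BASE_RULES = {"eu", "com", "co.uk", "*.ck", "!www.ck"}
# Hypothetical: what changes if domenomania.eu were listed (an assumption, not a fact).
WITH_PSL_ENTRY = BASE_RULES | {"domenomania.eu"}

def public_suffix(host, rules):
    """Longest matching PSL rule; exception rules ("!") win, default rule is "*"."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # default rule "*": the last label alone is a public suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if "!" + candidate in rules:
            return ".".join(labels[i + 1:])  # exception: drop its leftmost label
        wildcard = "*." + ".".join(labels[i + 1:])
        if candidate in rules or (i + 1 < len(labels) and wildcard in rules):
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])

def registered_domain(host, rules):
    """Public suffix plus one label: the unit per-domain limits and cookies key on."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    return None if len(labels) <= n else ".".join(labels[-(n + 1):])

def group_by_registered_domain(hosts, rules):
    groups = defaultdict(list)
    for h in hosts:
        groups[registered_domain(h, rules)].append(h)
    return dict(groups)

def shared_cookie_allowed(host, cookie_domain, rules):
    """Simplified RFC 6265 check: Domain must cover the host and not be a public suffix."""
    covers = host == cookie_domain or host.endswith("." + cookie_domain)
    return covers and public_suffix(cookie_domain, rules) != cookie_domain

# Constructed client hostnames following the XXXX.domenomania.eu pattern.
HOSTS = ["alice.domenomania.eu", "bob.domenomania.eu", "www.alice.domenomania.eu"]

if __name__ == "__main__":
    for name, rules in (("current", BASE_RULES), ("with PSL entry", WITH_PSL_ENTRY)):
        print(name, group_by_registered_domain(HOSTS, rules))
        print("  alice may set Domain=domenomania.eu cookie:",
              shared_cookie_allowed("alice.domenomania.eu", "domenomania.eu", rules))
```

Without the entry, every client hostname falls under the single registered domain `domenomania.eu` and any client site can scope a cookie to it; with the entry, each client login becomes its own registered domain and the base-domain cookie is refused.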