Request for Certificate Issuance Limit Increase

vh_hosting · June 19, 2024, 10:22am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Here is the translation:

Is it possible to increase the SSL certificate generation limits for our domain domenomania.eu?

We are a hosting company, and we set up all cPanel hosting accounts in technical subdomains such as: XXXX.domenomania.eu

Where XXXX is the client's login.

Unfortunately, we are constantly receiving SSL generation errors in the form of: MASTER DCV: A rate limit prevents DCV.

Is there a way to raise the limit for our subdomains that our clients want to use?

My domain is: domenomania.eu

I ran this command:

AutoSSL via cPanel/WHM

It produced this output: MASTER DCV: A rate limit prevents DCV.

My web server is (include version): Newest WHM and cPanel

The operating system my web server runs on is (include version): ClouLinux Shared Pro 8

My hosting provider, if applicable, is: I'm hosting provider

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Newest cPanel and WHM

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

petercooperjr · June 19, 2024, 11:32am

Well, it'd be more helpful if your client would give you the actual error message that Let's Encrypt is sending, but if you have a lot of subdomains under one registered domain then certainly is possible that you're running into some rate limits. The documentation lists all the limits, and the process to request a higher one:

If your subdomains are controlled by different parties, and they shouldn't able to do things like set cookies for each other's sites (that is, there should be some security boundaries between the different subdomains), then you may also want to investigate getting it added to the Public Suffix List (PSL). That is also used within Let's Encrypt's rate limit calculations, but you shouldn't request to be added to the PSL just because of rate limits, but only if you need the other security boundaries that applications like web browsers use the PSL for.

https://publicsuffix.org/learn/

vh_hosting · July 17, 2024, 6:46am

So what is an exact way to increase our limits? I've read info on the page you sent me, but I didn't find any clue.

Osiris · July 17, 2024, 7:06am

Please read it more carefully, especially the "Overrides" paragraph.

Also, see the part about the PSL for security reasons above. You don't want your users to be able to set supercookies for your base domain name.

system · August 16, 2024, 7:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
The request exceeds a rate limit Help	2	1013	November 1, 2021
A rate limit prevents DCV Help	13	418	March 18, 2023
Cancel Rate Limiting Help	4	840	November 2, 2021
How to avoid rate limit Help	11	410	June 8, 2024
The request exceeds a rate limit) (Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: Help	7	690	October 10, 2023

Request for Certificate Issuance Limit Increase

Related topics