Too many certificates already issued for: com.ru


#1

Hello.
Could you please make domain “com.ru” to be like root domain. It is a common domain that is sold by registrars for users similar to domains “com.ua”, “com.au”, “com.pl” and so on.
I have a domain inside this zone (example.com.ru) and when I try to create cert for subdomains (www.example.com.ru and admin.example.com.ru) I’m getting error “Too many certificates already issued for: com.ru”.


Domain megamuz.com.ru (and subdomain *.megamuz.com.ru)
#2

Hi @DarkSide,

The best thing would be for a responsible party (someone who helps run .com.ru) to get the domain added to the Public Suffix List:

https://publicsuffix.org/

Let’s Encrypt periodically imports the Public Suffix List releases and exempts them from related-domain rate limiting.


#3

Thank you for info. Created pull request https://github.com/publicsuffix/list/pull/376


#4

I was going to say that they’ll want the registrar to contact them instead… but I’m afraid that’s already been stated in the GitHub issue!


#5

same problem with domain zones spb.ru msk.ru com.ru and others…


#6

@alexstep, if you know how to contact the people who run those domains, maybe you can let them know about the benefits of the Public Suffix List.

It’s not just useful for Let’s Encrypt rate limiting; in fact, the original purpose has to do with the security of cookies across sites (plus other later browser security mechanisms that limit the ability of one web site to affect an unrelated web site). For example, example.com.ru should presumably not be able to set or view cookies for other parts of .com.ru, but since .com.ru isn’t literally a top-level domain, browsers won’t know that unless we tell them!

http://identitymeme.org/http-cookie-processing-algorithm-etlds/


#7

@schoen There is a large pull request https://github.com/publicsuffix/list/pull/384 just merged into public suffix list! Could you please force to synchronize LetsEncrypt with latest public suffix list. Thanks!


#8

I believe that there’s a regular schedule on which these updates are imported; maybe @cpu could tell us when the next update will be.


#9

@cpu could you please tell us when will be next update?


#10

@DarkSide, @jsha has indicated in another thread that it should take effect by late next week:


#11

Ok, thanks. Topic can be closed.


#12