Too many certificates already issued for: myfritz.net


#1

Trying to get a certificate for “tokhtpvahw8zo4bd.myfritz.net” results in the error message above. “myfritz.net” offers a dynamic DNS service, is very popular and therefore heavily used. What can I do to get an certificate for “my” computer?
thx,
RR


Can't renew certificates
#2

The provider needs to get their domain on the public suffix list for rate limits to be applied at a lower level. In the meantime you get some other domain that is on there (such as a .tk) and make it a CNAME to the dynamic one.


#3

yeah myfritz is propular enough since the fritzbox can use that as free dyndns service very easily.


#4

So what exactly do we have to do to get myfritz onto that list?


#5

The provider has made a request to be added, however due to the large number of requests made recently the list maintainers haven’t been able to verify and approve them.


#6

AVM, the provider of myfritz, is now on the list since a few days and let’s encrypt provides new certificates - everything’s perfect!


#7

… bad luck: trying to renew the certificate results in:
"There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: myfritz.net."
So I have to wait :frowning:


#8

It seems plan to relax the rate limit for renewal: https://github.com/letsencrypt/boulder/issues/1434


#9

Renewal now works, thanks for support…:relaxed:


#10

Hello @RRFfm,

Keep in mind that myfritz.net is not included in public suffix list yet nor the issue pointed by @Nit has been closed yet, so you simply had good luck renewing your certificate. Right now, nobody can issue a certificate using myfritz.net domain till tomorrow 1st March at 12:28 CET.

Maybe next time you need to renew your certificate, myfritz.net will be in the public list and/or letsencrypt implemented a relaxed policy to renew certificates ;).

Cheers,
sahsanu


#11

@Schroedingers-Cat: AVM has already requested to be included in the Public Suffix List:
https://github.com/publicsuffix/list/pull/77

But the processing of the list have not anticipated the overwhelming request of additions due to Let’s Encrypt… They are trying to set up a new process to catch up…


#12

Well, I got a renewed certificate, so I can wait 90 days:grin:


#13

The link’s merge request has been merged last month. However, i’m still getting the error message of this topic. What is the problem now?


#14

The Public Suffix List used by Let’s Encrypt is not updated in real-time, but rather periodically (usually every 1-2 months, there’s no actual schedule). The last update was at the end of March, so that commit didn’t make it by a few days. If you’d like, you can subscribe to status updates from Let’s Encrypt, which includes changelogs (or rather a list of commits) for updates made to the CA software. If the PSL is updated in a release, that’ll be included in the changelog.