I ran this command:certbot certonly -a webroot --webroot-path=/var/www/crt -d case.net.ru -m certbot@case.net.ru --agree-tos -n
It produced this output:Too many certificates already issued for: net.ru
My operating system is (include version):CentOS 7
My web server is (include version):nginx-1.10.3
I understand the logic under this denial, but I’d like to mention that the `net.ru’ domain allows registration of subdomains to anyone for a low price, so there are lots of such subdomains. Could you please remove the subdomain limit for net.ru?
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no
It probably is a commercial company which re-sells subdomains for the "normal" (i.e., non-reserved) domain net.ru.
There are of course many other non-reserved domain names used for re-issuing of subdomains. Think of dynamic DNS providers. Therefore, Let's Encrypt uses the "Public Suffix List" to distinguish between such domains and regular domains.
There also exists an exemption form from Let's Encrypt, but I'd emagine that form would only be valid if filed by the original domain owner.
So the only way for you not to be hampered by the rate limits is to contact the owner of net.ru and ask if they can help you with this problem by either adding their domain to the Public Suffix List of filing an exemption through the LE form.
It might also be valid for some purposes if filed by a hosting provider which is hosting a large number of separate HTTPS web sites in a way that would otherwise be forbidden by a Let's Encrypt rate limit. But I'd agree in this case that the request ought to be filed by the net.ru operator, not by an end-user.
Let's Encrypt was willing to make exceptions for other Russian domains that are used this way, as a result of a Public Suffix List request that took effect somewhere around a month ago. There is a precedent for this, but it's unfortunate that the net.ru operator wasn't a part of that change, since either way it's likely to take a couple of months to get an exception in place for this domain.
