Too many certificates already issued for:


Please fill out the fields below so we can help you better.

My domain is:

I ran this command:certbot certonly -a webroot --webroot-path=/var/www/crt -d -m --agree-tos -n

It produced this output:Too many certificates already issued for:

My operating system is (include version):CentOS 7

My web server is (include version):nginx-1.10.3

I understand the logic under this denial, but I’d like to mention that the `’ domain allows registration of subdomains to anyone for a low price, so there are lots of such subdomains. Could you please remove the subdomain limit for

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


Unfortunately, the domain name isn’t in the list of reserved domain names of the “Coordination Center for TLD RU”.

It probably is a commercial company which re-sells subdomains for the “normal” (i.e., non-reserved) domain

There are of course many other non-reserved domain names used for re-issuing of subdomains. Think of dynamic DNS providers. Therefore, Let’s Encrypt uses the “Public Suffix List” to distinguish between such domains and regular domains.

Unfortunately, is not in the list.

It is possible to submit to the Public Suffix List, but that can only be done by the original domain name owner!

There also exists an exemption form from Let’s Encrypt, but I’d emagine that form would only be valid if filed by the original domain owner.

So the only way for you not to be hampered by the rate limits is to contact the owner of and ask if they can help you with this problem by either adding their domain to the Public Suffix List of filing an exemption through the LE form.


It might also be valid for some purposes if filed by a hosting provider which is hosting a large number of separate HTTPS web sites in a way that would otherwise be forbidden by a Let’s Encrypt rate limit. But I’d agree in this case that the request ought to be filed by the operator, not by an end-user.

Let’s Encrypt was willing to make exceptions for other Russian domains that are used this way, as a result of a Public Suffix List request that took effect somewhere around a month ago. There is a precedent for this, but it’s unfortunate that the operator wasn’t a part of that change, since either way it’s likely to take a couple of months to get an exception in place for this domain. :frowning:


As far as I can see, today around 0:00 UTC the certificate was fetched successfully. Thanks for your assistance!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.