Too many certificates already issued - rate limit?


#13

Sorry, when I visit https://www.kelunik.com, my browser cannot find a valid certificate. Can someone else please resolve this question?

I’m pretty sure that LE automatic support is not intended to support virtual domains, even for www.


#14

Fixed, didn’t have www.kelunik.com as server_name so it used the default one (dev.kelunik.com) and served the wrong certificate. As the main domain is not actively in use, I didn’t ever try www., thanks.


#15

I verify the fix, and see the alternate name in the certificate. It is unfortunate that so many webmasters are obtaining separate certificates for example.com and www.example.com. I hope the final automated version of the LE client will handle (or offer to handle) such common situations itself.


#16

I have no get CERT and it is close.


#17

i think LE documentation should just mention that in examples i.e. -d domain.com -d www.domain.com to cover them.


#18

Yes, that is an excellent example that should be provided in the beta client documentation. And the functionality should be included in the final released full automation. Thanks.


Public beta rate limits
#19

I’m running many machines depending on dyndns domains. So now I’m stuck with not getting a cert for them, because all the other customers where faster then me.

“Too many certificates already issued for: xyz.xyz”

Will there be a whitelist for dyndns providers endings, because they’re only giving out subdomains to their customers?

Within the closed beta I didn’t stumble across this problem… And now I’m also unable to renew my cert.


#20

It would be great if the exceptions are not only for dyndns domains but also for huge communities like freifunk.net. There are more than 200 subcommunities each having their own subdomain xyz.freifunk.net and many using their own servers and taking care of their own server infrastructure and thus needing their own certificates.
Right now freifunk.net has already reached the limit of 10 certificates.


#21

probably easier to just get your own domain instead of being subject to dynamic dns/hosted communities included rate limits right now.


#22

We have our own servers, we just share the domain freifunk.net for community reasons.
freifunk.net is not a “community hoster”, but the central domain used by pretty much all freifunk communities in germany.


#23

oh you’re the provider not end user of the service

unfortunately that probably means you have to wait until LE folks loosen those rate limits :frowning:


#24

I also hope they’re loosening those rate limits soon, since we’re having several subdomains on our main domain that we don’t wanna expose with one “master certificate” for all subdomains on that host and I guess there will be more people with that concern.


#25

I have the same problem “There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: spdns.org” with a German Dynamic DNS provider “spdns.de”, with this you can get subdomains per account with maximum of 5.

The following domains are available:
firewall-gateway.com
firewall-gateway.de
firewall-gateway.net
my-firewall.org
my-gateway.de
my-router.de
myfirewall.org
spdns.de
spdns.eu
spdns.org

can you increase the Iinit for these domains? Or is it just a beta limit?

greeting


#26

Let’s Encrypt basis its rate limit on the “registered domain” portion part of the FQDN, based on the Public Suffix List. For www.example.com, that would be example.com. For www.example.appspot.com, that would be example.appspot.com (because appspot.com is a public suffix).

Most dynamic DNS services should probably be in the Public Suffix List, because that’s what browsers use to prevent sites from setting cookies on each other. Otherwise, example.appspot.com could set and delete cookies from widgets.appspot.com. So, my first recommendation is to ask your dynamic DNS provider to add themselves to the Public Suffix List, which will have add-on security benefits.


Allow dynamic DNS services to register more certificates
#27

Thanks for your answer, i have contacted the support from spdns.de and wait for response.


#28

@jsha, that wont work for freifunk.net, as it could break the website at https://freifunk.net/ when browsers refuse to accept cookies for freifunk.net. It would probably have other side effects as well. Will there be other ways to increase the limit, or is that the only chance?


#29

I don’t think they will stop accepting cookies for https://freifunk.net, they will stop accepting cookies from foo.freifunk.net for freifunk.net or bar.freifunk.net.


#30

Hey VaTo,

I use also an account with spdns.de. Did you hear something positive?


#31

I had issues with my installation, and tried to use the new documentation. Cleared out my /etc/letsencrypt directory because I couldn’t make heads or tails of which cert was correct.

And now I can’t get replacement certs. This is one of the 6 domains I have which I can’t get a cert for anymore.

There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: heroesofthestorm.co.za
Please see the logfiles in /var/log/letsencrypt for more details.

Is there anything I can do?


#32

[quote=“DrPain, post:31, topic:4184”]
Is there anything I can do?
[/quote]Wait a week: Public beta rate limits