probably easier to just get your own domain instead of being subject to dynamic dns/hosted communities included rate limits right now.
We have our own servers, we just share the domain freifunk.net for community reasons.
freifunk.net is not a âcommunity hosterâ, but the central domain used by pretty much all freifunk communities in germany.
oh youâre the provider not end user of the service
unfortunately that probably means you have to wait until LE folks loosen those rate limits 
I also hope theyâre loosening those rate limits soon, since weâre having several subdomains on our main domain that we donât wanna expose with one âmaster certificateâ for all subdomains on that host and I guess there will be more people with that concern.
I have the same problem âThere were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: spdns.orgâ with a German Dynamic DNS provider âspdns.deâ, with this you can get subdomains per account with maximum of 5.
The following domains are available:
firewall-gateway.com
firewall-gateway.de
firewall-gateway.net
my-firewall.org
my-gateway.de
my-router.de
myfirewall.org
spdns.de
spdns.eu
spdns.org
can you increase the Iinit for these domains? Or is it just a beta limit?
greeting
Letâs Encrypt basis its rate limit on the âregistered domainâ portion part of the FQDN, based on the Public Suffix List. For www.example.com, that would be example.com. For www.example.appspot.com, that would be example.appspot.com (because appspot.com is a public suffix).
Most dynamic DNS services should probably be in the Public Suffix List, because thatâs what browsers use to prevent sites from setting cookies on each other. Otherwise, example.appspot.com could set and delete cookies from widgets.appspot.com. So, my first recommendation is to ask your dynamic DNS provider to add themselves to the Public Suffix List, which will have add-on security benefits.
2 Likes
@jsha, that wont work for freifunk.net, as it could break the website at https://freifunk.net/ when browsers refuse to accept cookies for freifunk.net. It would probably have other side effects as well. Will there be other ways to increase the limit, or is that the only chance?
I donât think they will stop accepting cookies for https://freifunk.net, they will stop accepting cookies from foo.freifunk.net for freifunk.net or bar.freifunk.net.
1 Like
I had issues with my installation, and tried to use the new documentation. Cleared out my /etc/letsencrypt directory because I couldnât make heads or tails of which cert was correct.
And now I canât get replacement certs. This is one of the 6 domains I have which I canât get a cert for anymore.
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: heroesofthestorm.co.za
Please see the logfiles in /var/log/letsencrypt for more details.
Is there anything I can do?
[quote=âDrPain, post:31, topic:4184â]
Is there anything I can do?
[/quote]Wait a week: Public beta rate limits
I ran into issues with my LE client install as well as implementation and now I keep getting the following:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: rosekp.org
I need all old certs revoked/erased, so I can generate new certs now that my renewal script works.
Before you say, âwait a weekâ please note I already have and still getting these errorsâŚ
Revocation/ereasing doesnât help you at all if youâve hit the rate limit of 5 certificates per domain per sliding window of 7 days. Youâll just have to wait.
You should have experimented with the --test-cert switch in stead of the live server.
I waited 7 days alreadyâŚstill get the errorâŚ
Yes, your first certificate was issued at 16:09 GMT. Youâll just have to wait one hour and aprox. 40 minutes.
1 Like
thought Iâd wait long enough to issue more LE ssl certificates but seems my auto renewal cronjobs ran on Jan 1, 2016 so took up nearly all my free slots so I hit the rate limit again https://community.centminmod.com/posts/23476/
obtaining Letsencrypt SSL certificate via webroot authentication...
/root/.local/share/letsencrypt/bin/letsencrypt -c /etc/letsencrypt/webroot.ini --user-agent centminmod-centos6-webroot --webroot-path /home/nginx/domains/le15.http2ssl.xyz/public -d le15.http2ssl.xyz certonly
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: http2ssl.xyz
Please see the logfiles in /var/log/letsencrypt for more details.
@jsha definitely need to raise that rate limit soon as auto renewals with <60day frequency is going to interfere with the ability to get more ssl certificates and the problem will get worse over time as more LE ssl certs get auto renewed !
./expirydate.sh
/etc/letsencrypt/live/le10.http2ssl.xyz/cert.pem
certificate expires in 86 days on 31 Mar 2016
/etc/letsencrypt/live/le11.http2ssl.xyz/cert.pem
certificate expires in 86 days on 31 Mar 2016
/etc/letsencrypt/live/le12.http2ssl.xyz/cert.pem
certificate expires in 86 days on 31 Mar 2016
/etc/letsencrypt/live/le14.http2ssl.xyz/cert.pem
certificate expires in 89 days on 3 Apr 2016
/etc/letsencrypt/live/le13.http2ssl.xyz/cert.pem
certificate expires in 89 days on 3 Apr 2016Why not just put 100 of those subdomains as SANs on a single certificate, then install that same cert on each of the 100 subdomains? That takes up only 1 rate-limit slot per cert. Using this method you can generate certificates covering 500 subdomains every 7 days.
For example, if you currently have less than 100 subdomains secured, when your slot opens up again you can group them all up (regardless of expiry date) and generate just 1 cert covering the existing ones plus any new subdomains you wish to secure. That would use up only 1 slot, and all your subdomains would be covered for another 3 months.
Itâs not entirely just my requirements I need to meet but also that of my users as I develop Centmin Mod LEMP stack which integrates Letsncrypt into the Nginx vhost creator routines see http://centminmod.com/letsencrypt-freessl.html. So Centmin Mod users when they create a new nginx vhost site via the routine they input their domain name they want to setup nginx for + get a Letsencrypt SSL certificate issues and appropriate nginx HTTP/2 vhost configuration auto generated. So each nginx vhost auto created by my users will be tied to their own separate Letsencrypt SSL certificate.