urn:acme:error:rateLimited chickenkiller.com 429

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
hosted @ chickenkiller.com

I ran this command:
certbot certonly
#1 - webserver

It produced this output:
“type”: “urn:acme:error:rateLimited”,
“detail”: “Error creating new cert :: too many certificates already issued for: chickenkiller.com”,
“status”: 429

Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: chickenkiller.com
2017-12-05 04:53:39,046:ERROR:certbot.log:An unexpected error occurred:
2017-12-05 04:53:39,046:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: chickenkiller.com
My web server is (include version):

The operating system my web server runs on is (include version):
ClearOS/CentOS 7.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I’m assuming chickenkiller.com is a hosting service that gives you something.chickenkiller.com domain names? It appears a great many certificates have been issued recently for chickenkiller.com: https://crt.sh/?q=%chickenkiller.com

There’s a rate limit of 20/week per domain, and while renewals are not blocked by this limit, they do count against it. You can keep trying a few time a day in the hopes that you get lucky, but a better option would be to contact whoever runs chickenkiller.com and recommend they do one of the following:

  • Submit their site to the Public Suffix List, which will both prevent the base domain form encountering rate limits, but also increase the security of sites hosted there by preventing cross-domain cookies. They’r not very keen on adding domains to this list solely to avoid Let’s Encrypt rate limits, but it sounds like there are valid reasons to have it placed here.
  • Alternatively, the owners of chickenkiller.com could apply to Let’s Encrypt for a rate limit exemption; see the Overrides section on the rate limits page.

Alternatively, you could change providers and get your own domain name that doesn’t suffer from this issue.

EDIT: Counting up certificates issued for this domain, as long as nobody renews theirs in the meantime, you should be able to issue in several hours. Once you get lucky and manage to issue a certificate, you can keep renewing it in the future without having to worry about this particular rate limit.

1 Like

Could you suggest a public / dynamic DNS service that I could use as an alternative to chickenkiller.com which is a domain from freedns.afraid.org



Nah, I pay for domains so I don’t have much experience on the dynamic DNS side. If you’re looking for cheap, Namecheap has a rotating selection of TLDs for $0.88 for the first year (they usually go up after that, so you might have to change names each year.) I think DDNS is popular here, and No-IP, but I don’t really have the knowledge on this side to point you any better than a web search could. Note my edit above though, you will probably be able to sneak under the limit sometime in the next few days. The limit is 20/week, so just count up on that list I linked to get a good idea of when you’ll be able to issue.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.