Weird behavior of rate limit


#1

my domain: accgen.undo.it

Error:
. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error finalizing order :: too many certificates already issued for: undo.it: see https://letsencrypt.org/docs/rate-limits/”, “status”: 429 }

Issue: “*.undo.it” comes under a free subdomain hosting service provided by afraid.org
I’ve been trying to issue a certificate for last 5 days but I guess some “bad guy” issued like 100 certificates for the domain “npan.undo.it” on 19th September, because of which I have to face the rate limit, alright, I kept trying everyday and Everytime I got the rate limit,
I tried today, and again got the rate limit error BUT to my surprise some guy issued a certificate for “co.undo.it” on 25th September, even though I was getting rate limit, I tried again later and still getting rate limited even though I think others can issue a certificate now… it’s so confusing.
Can anyone please tell me when I can issue an certificate for accgen.undo.it

Source: https://crt.sh/?q=%.undo.it

Thanks for any help :slight_smile:


#2

First come, first served. You got beaten to the punch once the rate limit window opened up slightly.

Best to use either a domain that is on the PSL, or your own domain.

Rate Limit Current Status Domain
50 Certificates per Registered Domain per week Limit exceeded (182/50 this week). Next certificate issuable at 2018-09-26T03:31:48.000Z. undo.it

Summary generated at https://tools.letsdebug.net/cert-search?m=domain&q=undo.it&d=168 .

With the specific case of co.undo.it, renewals are exempt from that particular rate limit. That’s why that user could renew their certificate, but you are affected by it because yours would be a new certificate.


#3

Ohh it was a renewal for “co.undo.it”, I did not notice that, thanks for that info!

Also, thanks for the URL and the time when I can issue a certificate again, that really helps!

Also I got ownership of this subdomain on 20th September, so rate limit window didn’t open since then (and it’ll now open on 2018-09-26T03:31:48.000Z)
I’ll set up a bot to automatically issue a certificate at that specific time because I’m mostly unavailable due to work.

Once again, thanks!


Ongoing abuse of afraid.org domains
#4

Unfortunately if somebody renews any certificate before then, the date will get bumped back. But good luck :slight_smile: !

IDK if you know but you can get free (.gq, .ga, .tk, .ml) domains from freenom.org which may serve you better, in the sense that they are not shared.


#5

Oh that’s bad.

btw I was earliest using freenom, but their business model has flaws, I was told to give away ownership of a domain which I was the rightful owner for, because someone decided to pay for it, so they gave that domain to him.
I got no pre information on this, and my domain was randomly suspended because of another premium claim by someone else, this issue of “premium domain stealing” will teach me never to use their service again, I’d rather wait a month with afraid.org because I trust them than to go and get fooled again by freenom


#6

So does that mean I have to wait 7 days starting from 25th September (the renewal date for co.undo.it) to issue a fresh certificate?
Sorry I’m not really familiar with rolling time window, it’s bit confusing in the beginning.


#7

You can issue a certificate once the number of certificates issued in the last 7 days (renewed or fresh) goes down to 49/50. Once it goes up to 50, you’re out of luck.

There’s never a reset to 0/50, it just goes down 1 by 1 as the issuance date of each previous certificate goes from being less than 7 days ago to more than 7 days ago.

It’s entirely possible that you will never be able to issue a certificate. All that that requires is a steady flow of people renewing every day, at a rate of more than 50/week.

Let’s Encrypt’s rate limit system really does not work well with shared domains that aren’t on the PSL.


#8

This explains everything crystal clear! Thanks for your time! :slight_smile: and I’ll surely consider getting a private domain if needed.


#9

Hi @WealthyKing

thanks. This is terrible, so freenom is critical, if someone has a good domain and other want to pay this domain.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.