WHM AutSSL Rate limit


#1

Not sure if this is an issue with WHM or if it’s something on Let’s Encrypt’s end…

My set up:
I have an account example1.com and parked on it is example1.com.example.com
This is how we have all our accounts setup so there
example2.com, example2.com.example.com
example3.com, example3.com.example.com
etc…

I’m getting a rate limit for example.com, which I understand. However, it prevents the issuance of certs for example1.com and www.example1.com. The way the log is worded in WHM is like:
The system will attempt to renew SSL certificates for the following websites:
example1.com (example1.com www.example1.com example1.com.example.com)

Then gives the error:
Error creating new cert :: Too many certificates already issued for: example.com (The request exceeds a rate limit)

Is there some way to configure it to try to run the cert for example1.com.example.com separately?


#2

since they all include example.com - then you are likely to hit the limit for example.com ( if you have them all on separate certificates, related to ex2, ex3 etc)

How many certificates are you after ?


#3

Number of certs doesn’t matter to me. I just don’t want some domains (the main ones I’m after) to fail because some other (not that important ones at this time) fail.


#4

The reason I was asking the number of Certificates, is because my advice would change depending if you said 10 or 1000 :wink:


#5

Yeah. I guess I’d prefer the least number of certs to avoid any other rate limits, but this will be the only cert issued for example1.com, so I really shouldn’t be hitting any other limits, even if it has to break example1.com and www.example1.com into two certs.

Just as a note, the only reason this is happening is because I’m doing a whole server transfer and was hoping to switch more accounts to AutoSSL. But the 20 cert a week limit makes this impossible.


#6

maybe I’m not understanding the issue here.

There should be no issue ( from my understanding) with example1.com and www.example1.com domains (on the same, or separate certs)

In your first post though my understanding was you were adding “example.com” to every single cert, and including “example1.example.com

The issue ( if my understanding of that is correct) is the number of certificates for example.com ( not example1 or example2 etc.).


#7

There should be no issue ( from my understanding) with example1.com and www.example1.com domains (on the same, or separate certs)

Correct - not an issue

In your first post though my understanding was you were adding
"example.com" to every single cert, and including “example1.example.com

I haven’t configured anything beyond what the default WHM installation provides. It does seem like it is adding example1.example.com to the cert causing it to fail

The issue ( if my understanding of that is correct) is the number of
certificates for example.com ( not example1 or example2 etc.).

That is correct. But it causes the cert for example1.com, etc, to not be issued, which is a more immediate problem.


#8

So do you want example.com added on the end of all the certificates ? ( because you want example1 parked on example1.example.com hence it’s a subdomain of example.com ). In which case you potentially have a rate limit issue for example.com, and back to my question of the number of certs / domains.

Or do you want them independent ? and it’s a "bug’ in WHM that has them all issuing certs including example.com ?

or something else ?


#9

I don’t care if they are independent or on the same cert. I don’t care how many certs I end up with. All I need is for a failure of 1 or more domains to not affect the issuance for the domains that would have succeeded on their own.

I don’t know if this is a limitation of WHM or not. Hopefully there is some kind of work around.


#10

That behaviour is WHM-specific and would have to be changed there. Not sure if a workaround exists.


#11

My questions have been me trying to ask what you want to achieve, so I can give you advice on how to achieve that. Your answer seems to be “I don’t care” though … so in a nice way, I’m tempted to say the same :wink: more politely though - if I don’t know what you want to achieve, I can’t really provide you with an answer of how to achieve it.

If you “don’t care” if the domains are all parked domains or not - then remove the parking, so there is no connection between exampleX.com and example.com, and your rate limit problems should go away.


#12

Thanks @pfg, I was thinking that might be the case.

@serverco - You asked how any certs I want. This is not something I have any preference on. You asked what I want, I also answered that directly:

All I need is for a failure of 1 or more domains to not affect the
issuance for the domains that would have succeeded on their own.

If you’re asking if having the domain parked is a requirement, yes it is. However it is not a requirement that an SSL is issued successfully for that parked domain.


#13

I was assuming you might have a rough idea of how many domains you had on your server, and how many parked. If not, then I don’t really have a solution I can suggest, sorry.


#14

Ah, I see what you’re getting at. There will be about 400 accounts each with the pattern of exampleX.com.example.com parked on it.


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.