thedev.id icon indicating copy to clipboard operation
thedev.id copied to clipboard

Published 20 hours ago verified publisher icon thedev-id

Dealing with Let’s Encrypt rate limits

Open fu-sen opened this issue 4 years ago • 14 comments

I checked past issues. You don't seem to know the Let’s Encrypt rate limits: https://letsencrypt.org/docs/rate-limits/

This means that SUBDOMAIN.thedev.id will limit the issuance or renewal of Let’s Encrypt certificates. It is necessary to deal with this.

JS.ORG, which is well known as a similar service, is on the Public Suffix List. This makes Let’s Encrypt the same as ICANN Domains. Or you need to submit to the rate limiting form.

ZeroSSL does not have this limitation, but the web service recommended by thedev.id does not seem to provide it.

fu-sen avatar May 16 '21 14:05 fu-sen

We do not provide any form of SSL encryption. That is down to the user to handle.

Codeize avatar May 17 '21 06:05 Codeize

I repeat. This is something you have to consider at your level. Equivalent to hosting services. If you do not, you and users will soon receive confusion about this.

fu-sen avatar May 17 '21 06:05 fu-sen

So if I'm reading correctly, the current limit is 50 per week for us? Or 50 per week when we register?

Codeize avatar May 17 '21 06:05 Codeize

As you read the text, I realize that you have begun to understand it. GitHub Pages and Vercel publish Let's Encrypt. If a user encounters this issue, that user cannot handle it. Only you who provide a domain can address this issue at the domain level!

fu-sen avatar May 17 '21 06:05 fu-sen

I'll speak with the co-owner. Thanks.

Codeize avatar May 17 '21 06:05 Codeize

Hey @fu-sen thanks for reporting this. I'm aware of the LE rate limits, it's just that we don't have many subdomains at the moment. However, I'll try to submit thedev.id to the publicsuffix.org list. I'll keep this one open and thanks again.

fransallen avatar May 17 '21 07:05 fransallen

Yes. This will probably take days. It's too late to deal with the problem once it appears. This should have been addressed now that there are still few subdomains.

fu-sen avatar May 17 '21 07:05 fu-sen

k

jaikt avatar Aug 20 '21 11:08 jaikt

Has there been any progress towards adding the domain to the PSL? (although citing Let's Encrypt rate limits directly would be a terrible idea)

aeternesatiatus avatar Jun 05 '22 17:06 aeternesatiatus

It is currently recommended to apply for Let’s Encrypt to resolve this issue. Now that this is possible, the Public Suffix List will not register for Let’s Encrypt.

HelioHost recently encountered this issue. Root Admin here solved the problem with a Let's Encrypt application. https://www.helionet.org/index/topic/52997-lets-encrypt-rate-limit/ https://www.helionet.org/index/topic/53298-great-ssl-news/ Thedev.id should be able to do the same.

fu-sen avatar Jun 05 '22 23:06 fu-sen

Thanks @fu-sen for the guide. Will try to contact the LE team to request a rate limit increase now. I'll share it here when I hear from them.

Update: Just DMed @letsencrypt on Twitter.

fransallen avatar Jun 13 '22 01:06 fransallen

Nevermind, someone already mentioned to add to PSL xD sorry for the noise.

chez14 avatar Jun 13 '22 08:06 chez14

would a simple letsencrypt wildcard cert help here?

reed-jones avatar Jun 13 '22 21:06 reed-jones

Is it *.example.thedev.id? It would require settings at the name server level to issue the certificate, and thedev.id administrator would not provide that setting. You can only use example.thedev.id.

fu-sen avatar Jun 13 '22 22:06 fu-sen

this been stale for a while, i will close this one. if there is an update regarding this, please re-open the issue. thanks.

lakuapik avatar Dec 13 '22 02:12 lakuapik