Request the Lets Encrypt team to allow the creation of digital certificates

[onelinkweb]

Hello,

Request the Lets Encrypt team to allow the creation of digital certificates using the domain. We're currently experiencing a "rate limit" error 429 when trying to add a free digital certificate to the domain.

Lets Encrypt assumes the domain is the same website and blocks the certificate. I believe this is to prevent abuse, which is not the case.

log:
root@srv102:~/.acme.sh# ./acme.sh --issue -d my-domain-here.qzz.io --webroot /usr/local/ispconfig/interface/acme --debug 2
[Wed Sep 3 15:28:21 UTC 2025] Let's find the script directory.
[Wed Sep 3 15:28:21 UTC 2025] SCRIPT='./acme.sh'
[Wed Sep 3 15:28:21 UTC 2025] _script='/root/.acme.sh/acme.sh'
[Wed Sep 3 15:28:21 UTC 2025] _script_home='/root/.acme.sh'
[Wed Sep 3 15:28:21 UTC 2025] Using config home: /root/.acme.sh
[Wed Sep 3 15:28:21 UTC 2025] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.1.2
[Wed Sep 3 15:28:21 UTC 2025] Running cmd: issue
[Wed Sep 3 15:28:21 UTC 2025] _main_domain='my-domain-here.qzz.io'
[Wed Sep 3 15:28:21 UTC 2025] _alt_domains='no'
[Wed Sep 3 15:28:21 UTC 2025] Using config home: /root/.acme.sh
[Wed Sep 3 15:28:21 UTC 2025] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Wed Sep 3 15:28:21 UTC 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Sep 3 15:28:21 UTC 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Wed Sep 3 15:28:21 UTC 2025] _ACME_SERVER_PATH='directory'
[Wed Sep 3 15:28:21 UTC 2025] DOMAIN_PATH='/root/.acme.sh/my-domain-here.qzz.io_ecc'
[Wed Sep 3 15:28:21 UTC 2025] '/usr/local/ispconfig/interface/acme' does not contain 'dns'
[Wed Sep 3 15:28:21 UTC 2025] Le_NextRenewTime
[Wed Sep 3 15:28:21 UTC 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Sep 3 15:28:21 UTC 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Sep 3 15:28:21 UTC 2025] GET
[Wed Sep 3 15:28:21 UTC 2025] url='https://acme-v02.api.letsencrypt.org/directory'
[Wed Sep 3 15:28:21 UTC 2025] timeout=10
[Wed Sep 3 15:28:21 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.bW7PB4lh94 -g --connect-timeout 10'
[Wed Sep 3 15:28:22 UTC 2025] ret='0'
[Wed Sep 3 15:28:22 UTC 2025] response='{
"TvxxvpxybeY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed Sep 3 15:28:22 UTC 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Wed Sep 3 15:28:22 UTC 2025] ACME_NEW_AUTHZ
[Wed Sep 3 15:28:22 UTC 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Sep 3 15:28:22 UTC 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Sep 3 15:28:22 UTC 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Sep 3 15:28:22 UTC 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
[Wed Sep 3 15:28:22 UTC 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Sep 3 15:28:22 UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Sep 3 15:28:22 UTC 2025] _on_before_issue
[Wed Sep 3 15:28:22 UTC 2025] _chk_main_domain='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] _chk_alt_domains
[Wed Sep 3 15:28:22 UTC 2025] '/usr/local/ispconfig/interface/acme' does not contain 'no'
[Wed Sep 3 15:28:22 UTC 2025] Le_LocalAddress
[Wed Sep 3 15:28:22 UTC 2025] d='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] Checking for domain='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] _currentRoot='/usr/local/ispconfig/interface/acme'
[Wed Sep 3 15:28:22 UTC 2025] d
[Wed Sep 3 15:28:22 UTC 2025] '/usr/local/ispconfig/interface/acme' does not contain 'apache'
[Wed Sep 3 15:28:22 UTC 2025] _saved_account_key_hash='zOIeWBqa7ioR8BTyXD4NOw/ceUb9KdMWUNygtDHpINk='
[Wed Sep 3 15:28:22 UTC 2025] _saved_account_key_hash was not changed, skipping account registration.
[Wed Sep 3 15:28:22 UTC 2025] Read key length: ec-256
[Wed Sep 3 15:28:22 UTC 2025] _createcsr
[Wed Sep 3 15:28:22 UTC 2025] domain='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] domainlist
[Wed Sep 3 15:28:22 UTC 2025] csrkey='/root/.acme.sh/my-domain-here.qzz.io_ecc/my-domain-here.qzz.io.key'
[Wed Sep 3 15:28:22 UTC 2025] csr='/root/.acme.sh/my-domain-here.qzz.io_ecc/my-domain-here.qzz.io.csr'
[Wed Sep 3 15:28:22 UTC 2025] csrconf='/root/.acme.sh/my-domain-here.qzz.io_ecc/my-domain-here.qzz.io.csr.conf'
[Wed Sep 3 15:28:22 UTC 2025] Single domain='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] seg='my-domain-here'
[Wed Sep 3 15:28:22 UTC 2025] _is_idn_d='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] _idn_temp
[Wed Sep 3 15:28:22 UTC 2025] _is_idn_d='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] _idn_temp
[Wed Sep 3 15:28:22 UTC 2025] _csr_cn='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] seg='my-domain-here'
[Wed Sep 3 15:28:22 UTC 2025] Getting domain auth token for each domain
[Wed Sep 3 15:28:22 UTC 2025] seg='my-domain-here'
[Wed Sep 3 15:28:22 UTC 2025] _is_idn_d='my-domain-here.qzz.io'
[Wed Sep 3 15:28:22 UTC 2025] _idn_temp
[Wed Sep 3 15:28:22 UTC 2025] d
[Wed Sep 3 15:28:22 UTC 2025] _identifiers='{"type":"dns","value":"my-domain-here.qzz.io"}'
[Wed Sep 3 15:28:22 UTC 2025] _notBefore
[Wed Sep 3 15:28:22 UTC 2025] _notAfter
[Wed Sep 3 15:28:22 UTC 2025] STEP 1, Ordering a Certificate
[Wed Sep 3 15:28:22 UTC 2025] =======Sending Signed Request=======
[Wed Sep 3 15:28:22 UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Sep 3 15:28:22 UTC 2025] payload='{"identifiers": [{"type":"dns","value":"my-domain-here.qzz.io"}]}'
[Wed Sep 3 15:28:22 UTC 2025] EC key
[Wed Sep 3 15:28:22 UTC 2025] _URGLY_PRINTF
[Wed Sep 3 15:28:22 UTC 2025] xargs
[Wed Sep 3 15:28:22 UTC 2025] _URGLY_PRINTF
[Wed Sep 3 15:28:22 UTC 2025] xargs
[Wed Sep 3 15:28:22 UTC 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Sep 3 15:28:22 UTC 2025] HEAD
[Wed Sep 3 15:28:22 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Sep 3 15:28:22 UTC 2025] body
[Wed Sep 3 15:28:22 UTC 2025] _postContentType='application/jose+json'
[Wed Sep 3 15:28:22 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.FC4NKDhZEK -g -I '
[Wed Sep 3 15:28:23 UTC 2025] _ret='0'
[Wed Sep 3 15:28:23 UTC 2025] _headers='HTTP/2 200
server: nginx
date: Wed, 03 Sep 2025 15:28:23 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: 5vcyUwULpZmbHX0BGZ6gU-0J6EXZIEIXvnLV3_zMHE1tPymrmfs
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Sep 3 15:28:23 UTC 2025] nonce='5vcyUwULpZmbHX0BGZ6gU-0J6EXZIEIXvnLV3_zMHE1tPymrmfs'
[Wed Sep 3 15:28:23 UTC 2025] _URGLY_PRINTF
[Wed Sep 3 15:28:23 UTC 2025] xargs
[Wed Sep 3 15:28:23 UTC 2025] POST
[Wed Sep 3 15:28:23 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Sep 3 15:28:23 UTC 2025] body='{"protected": "eyJub25jZSI6ICI1dmN5VXdVTHBabWJIWDBCR1o2Z1UtMEo2RVhaSUVJWHZuTFYzX3pNSEUxdFB5bXJtZnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjYyMDk5MjE4NyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InppcHVybC5xenouaW8ifV19", "signature": "NCcEjayAL2YdC9XV_euJUjvzjXiTEb4IdaWsnYdG7EfKGuKrgwsDSPksQAkYFHhe4C5ufXAwYpd50qJ1iA4gdA"}'
[Wed Sep 3 15:28:23 UTC 2025] _postContentType='application/jose+json'
[Wed Sep 3 15:28:23 UTC 2025] Http already initialized.
[Wed Sep 3 15:28:23 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.FC4NKDhZEK -g '
[Wed Sep 3 15:28:23 UTC 2025] _ret='0'
[Wed Sep 3 15:28:23 UTC 2025] responseHeaders='HTTP/2 429
server: nginx
date: Wed, 03 Sep 2025 15:28:23 GMT
content-type: application/problem+json
content-length: 287
boulder-requester: 2620992187
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
link: https://letsencrypt.org/docs/rate-limits;rel="help"
replay-nonce: K7BcPJEgTsECg86lwjX6-eCdXKS5-wydYv_au9V-dkY7-qzdYoY
retry-after: 11195
'
[Wed Sep 3 15:28:23 UTC 2025] code='429'
[Wed Sep 3 15:28:23 UTC 2025] original='{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "too many certificates (50) already issued for "qzz.io" in the last 168h0m0s, retry after 2025-09-03 18:34:58 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-registered-domain",
"status": 429
}'
[Wed Sep 3 15:28:23 UTC 2025] response='{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "too many certificates (50) already issued for "qzz.io" in the last 168h0m0s, retry after 2025-09-03 18:34:58 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-registered-domain",
"status": 429
}'
[Wed Sep 3 15:28:23 UTC 2025] Le_LinkOrder
[Wed Sep 3 15:28:23 UTC 2025] Le_OrderFinalize
[Wed Sep 3 15:28:23 UTC 2025] Error creating new order. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "too many certificates (50) already issued for "qzz.io" in the last 168h0m0s, retry after 2025-09-03 18:34:58 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-registered-domain",
"status": 429
}
[Wed Sep 3 15:28:23 UTC 2025] pid
[Wed Sep 3 15:28:23 UTC 2025] No need to restore nginx config, skipping.
[Wed Sep 3 15:28:23 UTC 2025] _clearupdns
[Wed Sep 3 15:28:23 UTC 2025] dns_entries
[Wed Sep 3 15:28:23 UTC 2025] Skipping dns.
[Wed Sep 3 15:28:23 UTC 2025] _on_issue_err
[Wed Sep 3 15:28:23 UTC 2025] Please check log file for more details: /var/log/ispconfig/acme.log
[Wed Sep 3 15:28:23 UTC 2025] _chk_vlist
[Wed Sep 3 15:28:23 UTC 2025] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.17 1 Jul 2025 (Library: OpenSSL 3.0.17 1 Jul 2025)
Apache:
Apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.4 on 06 Nov 2022 08:15:51
running on Linux version #1 SMP PREEMPT_DYNAMIC Debian 6.1.147-1 (2025-08-02), release 6.1.0-38-cloud-amd64, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_VSOCK 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#undef WITH_READLINE
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /debug/

Allan

[onelinkweb]

my request in Lets Encrypt: https://community.letsencrypt.org/t/domain-qzz-io-digitalplatdev/241012/2