When you attempt to create a new account on a Mastodon server and see the error message “Rate limit on sign up endpoint,” your registration request has been blocked by the server’s rate limiting system. This error occurs because the server has received too many registration attempts from your IP address or network within a short time frame. Mastodon administrators enable this protection to prevent automated bots from flooding the server with fake accounts. This article explains why this error appears and provides practical steps to resolve it so you can complete your registration.
Key Takeaways: Resolving the Rate Limit Error
- Preferences > Administration > Registrations: Server administrators can adjust the registration rate limit in the Mastodon admin panel.
- VPN or proxy service: Using a different IP address can bypass a rate limit that is tied to your current IP.
- Private browsing or cleared cookies: A fresh browser session may reset the rate limit counter for your client.
Why the Rate Limit on Sign Up Endpoint Error Occurs
Mastodon rate limits are a built-in defense mechanism that prevents abuse of server resources. The sign-up endpoint specifically handles account creation requests. When the server detects more than a certain number of requests from a single IP address or user agent within a defined time window, it temporarily blocks further requests and returns the HTTP 429 Too Many Requests status code. The default limit is typically 3 to 5 sign-up attempts per hour per IP address, but server administrators can configure this value.
The reason for this protection is straightforward. Without rate limits, malicious actors could run automated scripts to create thousands of dummy accounts, consuming database storage and moderator time. The rate limit also discourages brute-force attacks on the registration form. If you are a legitimate user and encounter this error, it usually means you have submitted the registration form multiple times in quick succession, or your network shares an IP address with other users who have recently attempted sign-ups. Shared networks such as public Wi-Fi, school networks, or office VPNs can trigger this error because the server sees all traffic as coming from a single IP.
Mastodon instances that are open for public registration often experience high traffic. Instance administrators may also set stricter limits during periods of spam attacks. The rate limit is applied globally to the sign-up endpoint, so even if you have never visited that instance before, an aggressive limit on the server side can affect your first attempt.
Steps to Resolve the Rate Limit Error
The steps below apply to both end users who are trying to register and server administrators who need to adjust the limit for their instance.
For End Users: Wait and Retry
- Wait for the rate limit window to expire
Most Mastodon instances enforce a rate limit window of 1 hour. Do not attempt to register again during this time. Each new attempt resets the timer for the block. Close the browser tab and wait at least 60 minutes before retrying. - Switch to a different network
If you are on a shared network, disconnect from it. Use your mobile phone’s cellular data connection instead. This gives you a new public IP address that is not subject to the previous rate limit. - Use a VPN or proxy
Connect through a reputable VPN service to obtain a different IP address. After connecting, clear your browser cache and cookies, then navigate to the Mastodon instance again. Try registering with the new IP. - Use a private browsing window
Open a private or incognito window in your browser. This prevents the server from associating your new request with any previous cookies or cached data that might have been flagged. - Contact the instance administrator
If you have waited and still cannot register, find the instance’s contact information. Look for a “Contact” link in the footer or check the server’s about page. Send a polite message explaining that you are receiving the rate limit error and ask them to temporarily lift the limit for your IP.
For Server Administrators: Adjust the Rate Limit Setting
- Navigate to the admin dashboard
Log in to your Mastodon instance with an admin account. Go to Preferences > Administration > Server Settings. - Find the Registrations section
Scroll to the section labeled “Registrations.” Look for the field named “Rate limit on sign up (per hour per IP).” The default value is usually 3. - Increase the rate limit value
Change the number to a higher value, such as 10 or 20, to allow more registration attempts per hour. Be cautious: raising this limit increases the risk of spam registrations. Do not set it above 50 unless you have additional anti-spam measures in place. - Save the changes
Click the “Save changes” button at the bottom of the page. The new rate limit takes effect immediately. No server restart is required. - Monitor for abuse
After increasing the limit, watch the server logs and registration queue for signs of spam. If you see a sudden spike in new accounts, reduce the limit back to a lower number.
For Server Administrators: Whitelist Trusted IPs
If you run a private instance for a known group of users, you can bypass the rate limit for specific IP addresses. This method requires editing the Mastodon configuration file.
- Access the server shell
SSH into your Mastodon server. Navigate to the Mastodon root directory, typically/home/mastodon/live. - Edit the .env.production file
Open the file with a text editor like nano:nano .env.production. Add the following line:RACK_ATTACK_SAFE_IPS=192.168.1.1,10.0.0.1
Replace the IP addresses with the ones you want to whitelist. Separate multiple IPs with commas. - Save and restart Mastodon
Save the file and restart the Mastodon web service:systemctl restart mastodon-web. The whitelisted IPs will no longer be subject to the sign-up rate limit.
If the Rate Limit Error Persists After the Main Fix
Rate limit triggered by browser extensions
Some browser extensions, particularly privacy-focused ones like uBlock Origin or NoScript, can send multiple background requests to the server. These requests may be counted as separate sign-up attempts. Disable all extensions temporarily and try registering again in a clean browser profile.
Server-wide rate limit reached
If the Mastodon instance has a global rate limit that applies to all users, no individual can register until the limit resets. This is rare but can happen on overloaded servers. Check the server’s status page or social media feed for announcements. If you are the administrator, review the log/production.log file for lines containing “429” to see the overall request volume.
IP address blacklisted by the server
In some cases, the server may have permanently blacklisted your IP address due to past abuse. This goes beyond a temporary rate limit. If you suspect this, try registering from a completely different IP address, such as a mobile hotspot. If that works, contact the server admin to request removal of the blacklist for your original IP.
Rate Limit Error: End User vs Administrator Response
| Item | End User Action | Administrator Action |
|---|---|---|
| Primary cause | Too many sign-up attempts from your IP | Default rate limit set too low for legitimate traffic |
| Immediate fix | Wait 1 hour, use VPN, or switch networks | Increase the rate limit value in admin settings |
| Advanced fix | Contact admin to whitelist your IP | Edit .env.production to add RACK_ATTACK_SAFE_IPS |
| Prevention | Do not refresh the sign-up page repeatedly | Set a reasonable limit and monitor logs weekly |
This table summarizes the two perspectives on the same error. End users should focus on changing their network or waiting. Administrators should adjust the server configuration to balance security with accessibility.
After following the steps in this article, you should be able to register on the Mastodon instance without encountering the rate limit error. If you are an administrator, consider enabling email verification or CAPTCHA as an additional layer of protection instead of relying solely on rate limits. For end users, always use a stable network connection and avoid submitting the registration form more than once within a 30-minute window.