Let's Encrypt SSL certificate expired and doesn't auto-renew

vgavryusev

Dear support team,
I'm experiencing an issue with the free Let's Encrypt SSL certificate that I had working on my website (my account is unifield). I have access to the SSL control panel in DirectAdmin and I see there that the certificate expired on Apr 14 02:52:42 2021 GMT. The auto-renew option was selected, but didn't work for some reason (right now I've tried to disable it and turn it back on, but it seems that I cannot do that).

When I try to obtain a new free Let's Encrypt certificate for my four domains, I'm getting this error message:
Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/, url:
Certificate generation failed.

Can you help me with this issue? Thank you in advance!
 

vgavryusev

Any suggestion on how to obtain a valid SSL certificate, considering the rate limits?
 

spacresx

Have you tried to manually obtain a new certificate?
It's possible the auto-renew does not work properly.
 

garrettroyce

Unfortunately, the rate limits from Let's Encrypt are set in stone by them and we can't lift them. You just have to keep trying. The limit resets every 4 hours, so you can try every few hours to renew.
 

vgavryusev

Thank you spacresx and Garrett Royce for your help. I'll try again to manually obtain a new certificate; for some reason I thought that I should wait one week between attempts, instead of every 4 hours. Once I got through the rate limit, but got a different error message. I wanted to paste it here, but messed up copying the text from the error message, so I'll try again.

Edit: Now I've got a different error message:


2021/08/22 22:02:48 [INFO] [vladimirgavryusev.ru, mail.vladimirgavryusev.ru, mail.xn--80aaecadglxa3ap7cdp1s.xn--p1ai, www.vladimirgavryusev.ru, www.xn--80aaecadglxa3ap7cdp1s.xn--p1ai, xn--80aaecadglxa3ap7cdp1s.xn--p1ai] acme: Obtaining SAN certificate
2021/08/22 22:02:48 Could not obtain certificates:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:
Certificate generation failed.
 

spacresx

As GarrettRoyce suggested, the limit resets every 4 hours.
You can keep trying after that time.
 

vgavryusev

I've finally managed to get through a certificate request, but it failed due to a different error. Could you help me to understand how to fix it?

2021/09/07 07:09:01 [INFO] [vladimirgavryusev.ru, www.vladimirgavryusev.ru, www.xn--80aaecadglxa3ap7cdp1s.xn--p1ai, xn--80aaecadglxa3ap7cdp1s.xn--p1ai] acme: Obtaining SAN certificate
2021/09/07 07:09:02 [INFO] [vladimirgavryusev.ru] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907140
2021/09/07 07:09:02 [INFO] [www.vladimirgavryusev.ru] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907160
2021/09/07 07:09:02 [INFO] [www.xn--80aaecadglxa3ap7cdp1s.xn--p1ai] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907170
2021/09/07 07:09:02 [INFO] [xn--80aaecadglxa3ap7cdp1s.xn--p1ai] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28790380750
2021/09/07 07:09:02 [INFO] [vladimirgavryusev.ru] acme: authorization already valid; skipping challenge
2021/09/07 07:09:02 [INFO] [www.xn--80aaecadglxa3ap7cdp1s.xn--p1ai] acme: authorization already valid; skipping challenge
2021/09/07 07:09:02 [INFO] [xn--80aaecadglxa3ap7cdp1s.xn--p1ai] acme: authorization already valid; skipping challenge
2021/09/07 07:09:02 [INFO] [www.vladimirgavryusev.ru] acme: Could not find solver for: tls-alpn-01
2021/09/07 07:09:02 [INFO] [www.vladimirgavryusev.ru] acme: use http-01 solver
2021/09/07 07:09:02 [INFO] [www.vladimirgavryusev.ru] acme: Trying to solve HTTP-01
2021/09/07 07:09:06 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907140
2021/09/07 07:09:06 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907160
2021/09/07 07:09:06 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497907170
2021/09/07 07:09:06 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28790380750
2021/09/07 07:09:06 Could not obtain certificates:
error: one or more domains had a problem:
[www.vladimirgavryusev.ru] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.vladimirgavryusev.ru - check that a DNS record exists for this domain, url:
Certificate generation failed.

This is what I have in my DNS control page:

Type Name TTL Value
A ftp 14400 198.91.81.13
A localhost.vladimirgavryusev.ru. 14400 127.0.0.1
A vladimirgavryusev.ru. 14400 198.91.81.13
NS vladimirgavryusev.ru. ns1.x10hosting.com.
NS vladimirgavryusev.ru. ns2.x10hosting.com.
MX vladimirgavryusev.ru. 14400 0 vladimirgavryusev.ru.
CNAME mail 14400 vladimirgavryusev.ru.
CNAME www 14400 vladimirgavryusev.ru.
TXT vladimirgavryusev.ru. 14400 "google-site-verification=3h2yOnaH8fRTK-XeHSgF8TzMwt9dw0RPbNynYLSfJl4 v=spf1 a mx ip4:198.91.81.13 ~all"
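
The two failures posted above (the 429 rate limit and the 400 DNS error) can be separated mechanically from the client output. This is an added example, not part of the original posts or of the hosting panel's tooling: it assumes the log line format shown in the thread, and the `triage` function and `NEXT_STEP` advice table are hypothetical names.

```python
import re

# Constructed sample: lines taken from the two failed attempts quoted in the thread.
SAMPLE_LOG = """\
2021/08/22 22:02:48 Could not obtain certificates:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:
2021/09/07 07:09:02 [INFO] [vladimirgavryusev.ru] acme: authorization already valid; skipping challenge
2021/09/07 07:09:02 [INFO] [www.vladimirgavryusev.ru] acme: Trying to solve HTTP-01
2021/09/07 07:09:06 Could not obtain certificates:
[www.vladimirgavryusev.ru] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.vladimirgavryusev.ru - check that a DNS record exists for this domain, url:
"""

# "[name] acme: error: <status> :: [METHOD :: URL ::] urn:...:error:<type> :: <detail>"
ERR = re.compile(r"(?:\[(?P<name>[^\]]+)\] )?acme: error: (?P<status>\d{3}) :: "
                 r"(?:\w+ :: \S+ :: )?urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*)")
# Per-name progress lines; the comma exclusion skips the multi-name "Obtaining SAN" line.
NAME_EVENT = re.compile(r"\[INFO\] \[(?P<name>[^\],]+)\] acme: (?P<event>.*)")

# Hypothetical advice table keyed by ACME error type (our wording, not Let's Encrypt's).
NEXT_STEP = {
    "rateLimited": "wait for the limit to reset; resolve any failing validation before the next attempt",
    "dns": "fix the DNS record for this name and confirm it resolves publicly before requesting again",
}

def triage(log_text):
    """Return (names that needed a live challenge, list of ACME error findings)."""
    challenged, findings = [], []
    for line in log_text.splitlines():
        err = ERR.search(line)
        if err:
            findings.append({
                "name": err["name"], "status": int(err["status"]), "type": err["type"],
                "detail": err["detail"].split(", url:")[0],
                "next_step": NEXT_STEP.get(err["type"], "read the detail text"),
            })
            continue
        ev = NAME_EVENT.search(line)
        # "authorization already valid" means a cached authorization was reused;
        # only names the client actually tries to solve depend on live DNS/HTTP.
        if ev and ev["event"].startswith("Trying to solve") and ev["name"] not in challenged:
            challenged.append(ev["name"])
    return challenged, findings

if __name__ == "__main__":
    names, findings = triage(SAMPLE_LOG)
    print("validated live:", names)
    for f in findings:
        print(f["status"], f["type"], f["name"] or "(order)", "->", f["next_step"])
```

On the second log, only `www.vladimirgavryusev.ru` is reported as needing a live challenge, which is the same name the DNS error is attached to.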
 

garrettroyce

I think that you need to remove the x10 nameservers if you are going to specify your own CNAME records. I'm not great at DNS, but what it looks like to me is that www.vladimirgavryusev.ru doesn't exist on ns1.x10hosting.com (or ns2) so the lookup fails.
 

vgavryusev

Thank you! I'll see how I can change the DNS configuration to work around this issue, but I'm not an expert either. If anyone already knows how to solve this issue, I'll be glad if you can help me.
 

vgavryusev

I'm glad that I've finally solved this issue. Something in my DNS configuration was not correct anymore, maybe due to recent changes in the hosting server configuration (I set up the DNS servers automatically using the control panel some years ago). My solution was:
1) remove the domain name
2) recreate the domain name with the associated DNS and wait a few hours for the changes to propagate
3) manually request a free Let's Encrypt SSL certificate when the limit reset happened
4) got some issue with the verification of already known keys in the /public_html/.well-known folder, so I deleted the folder
5) retried a manual certificate request and it was successful

Thanks again to garrettroyce and spacresx for their help!
 