Let's Encrypt failed for hostname

ShinJii

Verified User
Joined
Mar 20, 2014
Messages
142
Hi,
There wasn't a problem until now.... my hostname is server.domain.com and I also have domain.com added as a normal domain - the wildcard for *.domain.com generated fine, but for server.domain.com I have had an outdated SSL since 24.04.2021... I don't know why, it was generating fine until now... did something change in Let's Encrypt or what?

If I try this:
Code:
/usr/local/directadmin/scripts/letsencrypt.sh request_single serwer.domain.com 4096

I got this:
Code:
2021/05/10 18:01:07 [INFO] [serwer.domain.com] acme: Obtaining SAN certificate
2021/05/10 18:01:07 Could not obtain certificates:
        acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains: serwer.domain.com: see https://letsencrypt.org/docs/rate-limits/, url:  
Certificate generation failed.

A few days ago I had a different error [before this limit above]... something like "too many certificates generated for domain.com"...

Why is it failing? If the wildcard is fine... why does DirectAdmin want to use a different certificate for server.domain.com if I have the wildcard *.domain.com?

@smtalk any idea?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,381
Location
Maastricht
my hostname is server.domain.com
So why are you requesting for serwer.domain.com? typo?

Anyway, the reason that it's failing is stated in the error:
Error creating new order :: too many certificates already issued for exact set of domains: serwer.domain.com: see https://letsencrypt.org/docs/rate-limits/
And what you describe as "something like" also looks like too many certificates.

why directadmin want to use different certificate for server.domain.com if I have wildcard *.domain.com ?
Because *.domain.com is for the domain name and server.domain.com is the hostname. The hostname is not a subdomain. So a separate certificate is used.
I think it's best to wait a week and try again. Or check why so many requests are made for that domain that you run into rate limits.
 

ShinJii

Verified User
Joined
Mar 20, 2014
Messages
142
So why are you requesting for serwer.domain.com? typo?

Anyway, the reason that it's failing is stated in the error:

And what you describe as "something like" also looks like too many certificates.


Because *.domain.com is for the domain name and server.domain.com is the hostname. The hostname is not a subdomain. So a separate certificate is used.
I think it's best to wait a week and try again. Or check why so many requests are made for that domain that you run into rate limits.

1. Yes, typo writing here ;)
2. But it's been getting this error for a month lol... and like I wrote, after the limit reset there's an error like "too many certificates for that domain" - there wasn't a problem earlier for 1-2 years... so... I don't know where the problem is... I didn't change anything.
Are there any logs for all those automatic Let's Encrypt attempts?
 

ShinJii

Verified User
Joined
Mar 20, 2014
Messages
142
Hello.... anyone? It's still not generated.... it makes me angry...
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,076
Location
LT, EU
1) It's rate-limited now, you need to wait until the rate limit expires.
2) Make sure you run the latest version of letsencrypt.sh, because I think you may have an old version there.
3) If you still have any problems, please create a DA support ticket; if your license is a DC license, please contact your DC for support.
 

ShinJii

Verified User
Joined
Mar 20, 2014
Messages
142
But why hasn't it been able to generate for ~1.5 months? lol... I have the newest version of CustomBuild and Let's Encrypt.
The funniest thing is that the DirectAdmin panel (server.domain.com:2222) gives an error because of the old certificate, but the same subdomain, for example with phpMyAdmin (server.domain.com/phpmyadmin), is okay because technically it's generated normally in that domain like other subdomains.
@smtalk
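
Added example, not part of the thread and not DirectAdmin's code: a small parser for ACME error lines in the format quoted above, which separates the two rate limits mentioned in the thread (Let's Encrypt calls them Duplicate Certificate and Certificates per Registered Domain) and counts hits per name. The function names are hypothetical, and the second error in the sample is constructed from the poster's paraphrase, so its wording is an assumption.

```python
import re
from collections import Counter

# First error: as quoted in the thread. Second error: constructed from the
# poster's paraphrase; its timestamp and exact wording are assumptions.
SAMPLE_LOG = """\
2021/05/10 18:01:07 [INFO] [serwer.domain.com] acme: Obtaining SAN certificate
2021/05/10 18:01:07 Could not obtain certificates:
        acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains: serwer.domain.com: see https://letsencrypt.org/docs/rate-limits/, url:
Certificate generation failed.
2021/05/03 09:15:42 Could not obtain certificates:
        acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for: domain.com: see https://letsencrypt.org/docs/rate-limits/, url:
"""

ACME_ERROR = re.compile(
    r"acme: error: (?P<status>\d{3}) :: (?P<method>\w+) :: (?P<url>\S+) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*)"
)
EXACT_SET = re.compile(r"for exact set of domains: (?P<names>[^:]+):")
PER_DOMAIN = re.compile(r"already issued for: (?P<names>[^:]+):")

def classify(detail):
    """Return (limit, names) for the detail text of a rateLimited error."""
    m = EXACT_SET.search(detail)
    if m:
        return "duplicate-certificate", m.group("names").split(",")
    m = PER_DOMAIN.search(detail)
    if m:
        return "certificates-per-registered-domain", [m.group("names").strip()]
    return "other", []

def summarize(log_text):
    """Count ACME errors in a log, keyed by (limit or error type, name)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACME_ERROR.search(line)
        if not m:
            continue
        if m.group("type") != "rateLimited":
            hits[(m.group("type"), "")] += 1  # non-rate-limit ACME error
            continue
        limit, names = classify(m.group("detail"))
        for name in names or [""]:
            hits[(limit, name.strip())] += 1
    return dict(hits)

if __name__ == "__main__":
    for (limit, name), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{count}x {limit}: {name}")
```

A duplicate-certificate hit means certificates for that exact name set were already issued within the limit window, so the attempts before it are the ones worth reviewing.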
 