A rate limit prevents DCV

Louk88 · January 14, 2021, 5:01pm

Hi,

The problem is started when the AutoSSL script of cPanel tried to renew the certificate for several subdomains, knowing that several of them are not accessible because they were created automatically by cPanel.

I corrected the problem by removing and excluding all non-accessible subdomains.

I have read the article regarding the application limit, and if I understand correctly in 7 days I will be able to renew.

my questions are:

Is there a way to get new certificates without waiting for the 7 day period?
If not, from what date do we start counting the 7 days (since the script was started several times with several failures)?
Since the autossl script is launched on its own every period, does it affect the blocking time each time there is a failure?

Thank you

I ran this command: AutoSSL cPanel

It produced this output: MASTER DCV: A rate limit prevents DCV.

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel

JuergenAuer · January 14, 2021, 5:31pm

Hi @Louk88

that's

not a Letsencrypt error, that's too unspecific. The exact rate limit error is required.

Osiris · January 14, 2021, 5:47pm

In principle, no. But depending on the exact error, there is a single rate limit you could work around. See the rate limit documentation rate for more information.

The rate limits are sliding windows, as explained on the rate limit documentation page.

This depends on the exact rate limit. The only rate limit with a window of seven days is a rate limit for succesful certificate issuance and not for failures.

Also, you've conveniently deleted the part of the questionnaire where it says you are required to post your hostname to receive any help on this Community at all.. That's not helpful at all.

Louk88 · January 14, 2021, 7:14pm

Hi Osiris,

Thanks, your answer is very useful, I did not pay attention to the "sliding window" in documentation.

Using https://crt.sh I understand what happened, there are a lot of certificates that were requested yesterday by AutoSSL.

I still have a few days left before the certificate expires, I will stop the AutoSSL and try in a few days.

PS: Regarding the hostname info, I am not allowed to share it in the forums.

Thank you

Louk88 · January 14, 2021, 7:17pm

Hi JuergenAuer,

I agree, the problem is caused by unreachable subdomains, I will try in a few days.

Thanks for your help.

Osiris · January 14, 2021, 8:43pm

Chances are stopping and resuming AutoSSL will result in the same issue as you're having now. After all, there are certificates issued as you yourself saw on crt.sh. The problem is: AutoSSL isn't using those certificates. Why would that suddenly do work in a few days?

I would advise you to debug your issue now before it's too late.

Louk88 · January 14, 2021, 11:00pm

@Osiris

after some debugging, I found another problem, AutoSSL is unable to install the certificates received from let's encrypt.

Certificate installation error: Can't locate object method "install_certificate" via package "Cpanel :: SSL :: Auto :: Provider :: LetsEncrypt" at /var/cpanel/perl/Cpanel/SSL/Auto/Provider/LetsEncrypt.pm line 203.

According to the cPanel support site, this problem can be solved by running the following command:

/usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

Now i guess AutoSSL should be able to install the received certificates.