Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version): asus rt-ax88u
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
updated my router to the new Version 3.0.0.4.386.41249 official
and let's encrypt cert is stuck on authorizing
it say's to add --force to renew it in the logs
I tried to do with certbot in windows but it says too many times
renew date in february 2021
san someone renew it Please
Thank you
Please read about Let's Encrypt's issuance rate limits:
Since you have already reached the Duplicate Certificates limit for this name, you won't be able to issue a new Let's Encrypt certificate for this name (by itself) for another week. If you can find the existing certificates saved somewhere on the ASUS device, they should still be valid.
If the certificates are getting issued by the Asus device software but then not actively used on the device, it seems like the Asus software has a bug (as it's an integrated solution that's failing to act in an integrated way). Is there a way to ask Asus or its community for help with this?
There is one change that recently happened in Let's Encrypt's services (a new intermediate certificate used to issue subscribers' certificates) which could have broken some software if it hard-coded too many assumptions about how Let's Encrypt works. I don't have any evidence that this is relevant to the problem that the two of you are experiencing, but the timing would match up if this worked well in the past and suddenly stopped working recently.
The solution is built into the router interface
you basically go to the wan section ,click on ddns ,put in your ddns info
and then click on the get free cert from Let's Encrypt and it does the rest
if you would normally do an firmware update ,it's fine no issues
but with the changeover it 386 series code ,I had to do a wipe and clean install
that when the issues arise
I just get stuck on authorizing,So I did it again ,same
so there you go ,log files say to use the --force renew switch
For the Asus users who might be missing context for that change:
About the last 16,000,000 certificates that Let's Encrypt has issued have used this new intermediate:
Let's Encrypt documentation has always advised client implementers to use the certificate chain provided by the CA (so that intermediates can change like this!), but some clients may have hard-coded references that require or assume the old X3 intermediate, in which case they will be broken from now on until these references are removed.
I'm sorry ,I don't understand the process
so I tried it too many times ,I know it's my fault but there has to be a way to remove all
the previous certs and start over,no
forgive me for my lack of knowledge
Let's Encrypt is an almost completely 100% automated system, run by robots.
That's what makes it cheap enough to be able to give out certificates at no charge.
In exchange for this, the Let's Encrypt team has greatly limited its ability to make changes for, or on behalf of, an individual user. Almost all policies are enforced by software almost all of the time, and for many of them there are no tools to permit human intervention. For example, to my knowledge there is no interface for resetting a rate limit when someone reaches it by mistake. That is even true if the rate limit was reached due to a bug in someone else's software.
As the rate limit documentation says, the rate limits are there "to ensure fair usage by as many people as possible" because otherwise software bugs like this (or people choosing designs that don't scale well, like re-issuing a certificate every day or every hour) could overwhelm the resources of the Let's Encrypt infrastructure.
I'm very sorry that users sometimes end up getting "punished" for bugs in the tools that they use (which I think is the case here as Asus developers seem to have made an unwarranted assumption in their code, contrary to Let's Encrypt's developer documentation), but not requiring a large support team to deal with investigations and special cases for this every day is really one aspect of what makes it possible for Let's Encrypt certificates to be provided at no cost to the subscriber.
This particular rate limit resets after 7 days; if you need a certificate before that, you could use a paid CA or one of the other free ACME CAs (BuyPass, ZeroSSL), if you can configure the device to request it from them.
