Cannot activate Let's Encrypt for one website: rate limit?

My domain is: travesti.fr

My web server is (include version): 51.255.85.241 · ns3039560.ip-51-255-85.eu

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, ISPConfig 3.1.11

Hello, people at Let’s Encrypt. Thanks for the great work. So I have got a severe problem. Friday, my LE certificate ran out and I said: “nice, it’s the best time for moving to a new server!” So I moved my site to a new server with ISPConfig 3.1.11 already setup.

I tried to upload several websites and it worked like a breeze! I just had to check “Let’s Encrypt” et voilà. But for my domain Travesti.fr, I could not make it work and I don’t know why. So what I did: I pointed my DNS to a Shopify store to see if they could activate SSL: yes they did (but I don’t know if it was Let’s Encrypt).

Then, I made my DNS back to a fresh-installed server. I installed https://troisiemesexe.fr/ and immediately worked. But not https://travesti.fr/. This is a real pain because since monday, my clients suddenly fled my store… :’( Which I easily understand, of course.

I was told: “maybe you’ve hit rate limit” but I’ve checked with https://crt.sh/ but I don’t exactly know if it is okay or not. I don’t understand it, actually.

Is there a way to know if I hit the rate limite and, if yes, when will I be able to check Let’s Encrypt again?

Thanks a lot for your help and keep up the good work! :blush:

Hi,

---------UPDATE----------
You does hit on rate limit.

What I guess?
You probably forget to restart Nginx after the certificate issued, keep trying to ask for certificate


Do you have any error message or whatever?

As I saw your website, it just show me common name mismatch.

Thank you
Steven

Hello Steven, thanks for your reply. What can I do in this very case: all I can do is wait?

Is there a way to know when I shall ask for a certificate again? Thanks for your help!

Hi @joueurcitoyen,

These are the certificates issued in last days:

CRT ID     DOMAIN (CN)            VALID FROM             VALID TO               EXPIRES IN  SANs
366944730  www.travesti.fr        2018-Mar-26 19:20 UTC  2018-Jun-24 19:20 UTC  88 days     www.travesti.fr
366760007  wordpress.travesti.fr  2018-Mar-26 15:25 UTC  2018-Jun-24 15:25 UTC  88 days     wordpress.travesti.fr
364515476  www.travesti.fr        2018-Mar-24 11:04 UTC  2018-Jun-22 11:04 UTC  86 days     www.travesti.fr
363471067  travesti.fr            2018-Mar-23 15:04 UTC  2018-Jun-21 15:04 UTC  85 days     travesti.fr
                                                                                            www.travesti.fr
363304813  travesti.fr            2018-Mar-23 11:12 UTC  2018-Jun-21 11:12 UTC  85 days     travesti.fr
363302823  www.travesti.fr        2018-Mar-23 11:11 UTC  2018-Jun-21 11:11 UTC  85 days     www.travesti.fr
363302737  travesti.fr            2018-Mar-23 11:11 UTC  2018-Jun-21 11:11 UTC  85 days     travesti.fr
363302291  travesti.fr            2018-Mar-23 11:10 UTC  2018-Jun-21 11:10 UTC  85 days     travesti.fr
363297045  www.travesti.fr        2018-Mar-23 11:02 UTC  2018-Jun-21 11:02 UTC  85 days     www.travesti.fr
363297033  travesti.fr            2018-Mar-23 11:02 UTC  2018-Jun-21 11:02 UTC  85 days     travesti.fr
363281834  travesti.fr            2018-Mar-23 10:42 UTC  2018-Jun-21 10:42 UTC  85 days     travesti.fr
363281291  www.travesti.fr        2018-Mar-23 10:42 UTC  2018-Jun-21 10:42 UTC  85 days     www.travesti.fr

You have issued 12 certificates:

5 certs covering www.travesti.fr
5 certs covering travesti.fr
1 cert covering travesti.fr and www.travesti.fr
1 cert covering wordpress.travesti.fr

So you have reached the 5 duplicated certificates per 7 days limit for the cert covering only www.travesti.fr and the cert covering onlytravesti.fr. For both of them you could try to issue a new cert on 2018-Mar-30 11:42 UTC

But you have already a cert covering both domains travesti.fr and www.travesti.fr and you could issue a new cert right now if it contains both domains.

I don’t know if you can cover both domains issuing them from ISPConfig but it is worth to check it, also, you should take a close look to the process to know what is goning on because you have already valid certificates and these certs should be somewhere in your server.

Good luck,
sahsanu

My suggestion is to restart you nginx and see what happens.

(according to one guide about how to issue certificates for ISPConfig)

Thank you

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.