Cannot activate Let's Encrypt for one website: rate limit?

joueurcitoyen · 2018-03-27 18:34:51 UTC

My domain is: travesti.fr

My web server is (include version): 51.255.85.241 · ns3039560.ip-51-255-85.eu

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, ISPConfig 3.1.11

Hello, people at Let’s Encrypt. Thanks for the great work. So I have got a severe problem. Friday, my LE certificate ran out and I said: “nice, it’s the best time for moving to a new server!” So I moved my site to a new server with ISPConfig 3.1.11 already setup.

I tried to upload several websites and it worked like a breeze! I just had to check “Let’s Encrypt” et voilà. But for my domain Travesti.fr, I could not make it work and I don’t know why. So what I did: I pointed my DNS to a Shopify store to see if they could activate SSL: yes they did (but I don’t know if it was Let’s Encrypt).

Then, I made my DNS back to a fresh-installed server. I installed https://troisiemesexe.fr/ and immediately worked. But not https://travesti.fr/. This is a real pain because since monday, my clients suddenly fled my store… :’( Which I easily understand, of course.

I was told: “maybe you’ve hit rate limit” but I’ve checked with https://crt.sh/ but I don’t exactly know if it is okay or not. I don’t understand it, actually.

Is there a way to know if I hit the rate limite and, if yes, when will I be able to check Let’s Encrypt again?

Thanks a lot for your help and keep up the good work!

stevenzhu · 2018-03-27 19:38:32 UTC

Hi,

---------UPDATE----------
You does hit on rate limit.

What I guess?
You probably forget to restart Nginx after the certificate issued, keep trying to ask for certificate

Do you have any error message or whatever?

As I saw your website, it just show me common name mismatch.

Thank you
Steven

joueurcitoyen · 2018-03-27 19:59:23 UTC

Hello Steven, thanks for your reply. What can I do in this very case: all I can do is wait?

Is there a way to know when I shall ask for a certificate again? Thanks for your help!

sahsanu · 2018-03-27 21:59:40 UTC

Hi @joueurcitoyen,

These are the certificates issued in last days:

CRT ID     DOMAIN (CN)            VALID FROM             VALID TO               EXPIRES IN  SANs
366944730  www.travesti.fr        2018-Mar-26 19:20 UTC  2018-Jun-24 19:20 UTC  88 days     www.travesti.fr
366760007  wordpress.travesti.fr  2018-Mar-26 15:25 UTC  2018-Jun-24 15:25 UTC  88 days     wordpress.travesti.fr
364515476  www.travesti.fr        2018-Mar-24 11:04 UTC  2018-Jun-22 11:04 UTC  86 days     www.travesti.fr
363471067  travesti.fr            2018-Mar-23 15:04 UTC  2018-Jun-21 15:04 UTC  85 days     travesti.fr
                                                                                            www.travesti.fr
363304813  travesti.fr            2018-Mar-23 11:12 UTC  2018-Jun-21 11:12 UTC  85 days     travesti.fr
363302823  www.travesti.fr        2018-Mar-23 11:11 UTC  2018-Jun-21 11:11 UTC  85 days     www.travesti.fr
363302737  travesti.fr            2018-Mar-23 11:11 UTC  2018-Jun-21 11:11 UTC  85 days     travesti.fr
363302291  travesti.fr            2018-Mar-23 11:10 UTC  2018-Jun-21 11:10 UTC  85 days     travesti.fr
363297045  www.travesti.fr        2018-Mar-23 11:02 UTC  2018-Jun-21 11:02 UTC  85 days     www.travesti.fr
363297033  travesti.fr            2018-Mar-23 11:02 UTC  2018-Jun-21 11:02 UTC  85 days     travesti.fr
363281834  travesti.fr            2018-Mar-23 10:42 UTC  2018-Jun-21 10:42 UTC  85 days     travesti.fr
363281291  www.travesti.fr        2018-Mar-23 10:42 UTC  2018-Jun-21 10:42 UTC  85 days     www.travesti.fr

You have issued 12 certificates:

5 certs covering www.travesti.fr
5 certs covering travesti.fr
1 cert covering travesti.fr and www.travesti.fr
1 cert covering wordpress.travesti.fr

So you have reached the 5 duplicated certificates per 7 days limit for the cert covering only www.travesti.fr and the cert covering onlytravesti.fr. For both of them you could try to issue a new cert on 2018-Mar-30 11:42 UTC

But you have already a cert covering both domains travesti.fr and www.travesti.fr and you could issue a new cert right now if it contains both domains.

I don’t know if you can cover both domains issuing them from ISPConfig but it is worth to check it, also, you should take a close look to the process to know what is goning on because you have already valid certificates and these certs should be somewhere in your server.

Good luck,
sahsanu

stevenzhu · 2018-03-27 22:19:31 UTC

My suggestion is to restart you nginx and see what happens.

(according to one guide about how to issue certificates for ISPConfig)

Thank you

system · 2018-04-26 22:19:49 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.