The certificate for my site was created months ago, and has auto-renewed many times. It is about to expire in 4 days and has failed to auto renew. For the last few days I have been trying to manually update through the Asustor NAS Certificate Manager, but it keeps giving the error "the number of certificates issued by Let's Encrypt for your domain name has reached its limit. (Ref. 5019)." - I only have one certificate.
I've checked on crt.sh and the last time a certificate was issued was on 31-01-25. I've also checked using Let's Debug and the test says "All OK." The ports 80 & 443 are open on my system, 80 goes to the Webserver and 443 goes to a Jellyfin server. I've tried setting port 443 to the Webserver instead of Jellyfin with no change.
I'm stuck and don't know what else I can do to get this certificate renewed. Can anyone be of help?
myasustore.com is in the PSL since 2016, and I can find only one unexpired certificate. This is the best possible condition and it doesn't justify this error.
To be honest, I'm not sure where to look. The only log file I can find that mentions the certificate is under "System Information" and is listed as the "System Log" - Clicking the update button manually doesn't create a log entry, though I have found repeated entries from days ago that seem to be generated by the Certificate Manager itself. They say "Certificate update failed. Not signed in with an Asustor ID"
I've checked and under "Settings, Registration" I am signed in correctly.
Thanks for the reply, but I've already read it. In that case they deleted & recreated the certificate to solve the issue, I would much rather find the cause so I can ensure it doesn't happen again.
For enormous amounts of certs (which is likely with such a customer subdomain service), crt.sh often isn't capable of getting all the certs. @MikeMcQ can get the list of certs from other sources though.
I think the errors I'm getting are being misreported.
From the manual attempt to renew: "the number of certificates issued by Let's Encrypt for your domain name has reached its limit. (Ref. 5019)" - I've only got, and have only ever had, one certificate. It was created through the NAS Certificate Manager and has been automatically renewed for months by the NAS every 60 days.
From the NAS log file: "Certificate update failed. Not logged in with an ASUSTOR ID" - According to my NAS I am logged in correctly.
I'm at a loss as to whether this is a LetsEncrypt issue or an Asustor problem, and without knowing what else to check the only thing left to try is deleting the old certificate and creating a new one. I'd much rather find the cause of this issue though, and not just a way around it.
I don't know if that's possible, but I'd try to log out and back in again. Something weird is going on, and I assume that login is necessary to perform dns-01 validation through their infrastructure.
If the logs don't provide a more detailed reason (perhaps it's indeed that Asustor ID login thingy, I dunno, perhaps for the dns-01 challenge?), then it's hard if not impossible for us to debug this.
Ok, seeing as debugging this problem would be a PITA, I decided to delete the certificate and create a new one. Now it's giving me the error "dudgeware.myasustor.com is invalid. Please ensure that your domain name can be successfully connected to using port 80. (Ref. 5056)" - Both ports 80 and 443 are working fine, 80 redirects straight to my web server so once again I have no idea what the issue is. Once again, nothing in the system log other than this error popping up when trying to create the certificate.
In the past I haven't had a web server running as my NAS is used for Jellyfin and that's the only thing I want to have outside access. Without the web server, the certificate had no problems being created or updating in the past, so I'm going to try disabling Nginx and redirecting both ports 80 & 443 to Jellyfin as it was before. I only enabled the web server AFTER having the update issue as part of my efforts to solve the issue.
Not right now, no. I'm messing with settings trying to get it going again, and without those ports being accessible at all I've successfully created a new certificate with a new name, Haven-03.myasustor.com. This is making no sense to me at all. I'm about to create a reverse proxy for Jellyfin access, and hopefully problem solved by simply changing the name as it seems my original one no longer works for some unknown reason.
Ok, all sorted now, though I still have no idea what the problem was.
I've disabled my web server, so both ports 80 & 443 are now closed. Even so, the Asustor ADM successfully created the new certificate with a different name after changing my Asustor Cloud ID. I edited my old reverse proxy to reflect the change and now everything is back to normal.
Thanks for your time & input everyone, I'll be contacting Asustor support to see if they can shed any light on why this has happened.