Certificate in Plesk server


#1

Hi! First at all congratlation and thanks to people involved in this free and interesting project.

I manage a server with some clients webs. All of them one by one, about 25, I had install propelly your Let´s Encrypt certificate.

The problem is that Plesk comes with and certificate from Parallel that I cant renovate, and I wish to use one Let´s Encrypt for the server.
When I do what Plesk documentation recomend for do it I get this error:

Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.

The “Certificates per Registered Domain” rate limit has been exceeded for example.com. Let’s Encrypt allows no more than 20 certificates to be issued per registered domain, per week.

Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new cert :: too many certificates already issued for exact set of domains: example.com,www.example.com

Can you explain me how to solve this? I had read something here but cant do it, always give me the same error.

Thanks so much


#2

Without the exact domain names there is little that can be done to help.
In the interim, you could try using these free online tools:
https://letsdebug.net
https://crt.sh/
maybe they can help you better understand the problem.

(assuming you are not actually trying to issue certificates for the “example.com” domain)


#3

Hi rg305, thanks for your answer.
After know that my server is one of a lot used in Lets Encrypt for stratoserver.net (my is h2387397.stratoserver.net), I has been waiting four times to the time limit to get the server certificate, but no way. I supone there a many people waiting for the same…
This is the last message I get for trying:

RateLimit
Error
h2387397.stratoserver.net is currently affected by Let’s Encrypt-based rate limits (https://letsencrypt.org/docs/rate-limits/). You may review certificates that have already been issued by visiting https://crt.sh/?q=%stratoserver.net . Please note that it is not possible to ask for a rate limit to be manually cleared.
The ‘Certificates per Registered Domain’ limit (20 certificates per week that share the same Registered Domain: stratoserver.net) has been exceeded. There is no way to work around this rate limit. The next non-renewal certificate for this Registered Domain should be issuable after 2018-05-08 21:01:52 +0000 UTC (9h58m0s from now).

I wil try it again but I think this is not the right way to do it. Can you give me some link where to learn how can I implement a Lets Encrypt ceryificate in my server. As I told you, the web I manage in this server are propelly installed certificate (for example: webbycanarias.com, jardinesdelacalera.com, megalatina.fm, encuenytracoche.es, mykitchenbyme.com and other more)

Thanks and excuse my english.


#4

The problem is that stratoserver.net is probably not in the PSL and it will hit the rate limit very quickly
For testing you could use a DDNS name like one form dynu.net


#5

Hi, thanks. Dont understand really what you mean.
¿Do I get a DDNS name in dynu.net instead of h2387397.stratoserver.net?
And then ¿Access into my server with the DDNS name server and try to get a Lets Encrypt certificate?

This is the error I get in Plesk when trying get and certificate…

Error: No ha podido emitirse el certificado SSL/TLS Let’s Encrypt para h2387397.stratoserver.net. El límite de uso “Certificados por dominio registrado” ha sido excedido para h2387397.stratoserver.net. Let’s Encrypt no permite la emisión de más de 20 certificados por dominio registrado, por semana.
Para más información, consulte el artículo de la base de conocimiento.
Detalles adicionales del error:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new cert :: too many certificates already issued for: stratoserver.net: see https://letsencrypt.org/docs/rate-limits/


#6

h2387397.stratoserver.net is just the rDNS entry for your IP.
TLS certificates don’t care about rDNS.
The authentication is done using forward DNS.
So if you want a cert for DOMAINX.COM, then it has to resolve to your IP.
Now you could buy a domain and point it to your IP or you could just get a hostname from a free service.
They give you THE NAME and it points to your IP.
Whatever THE NAME is that it what the cert should be for.
Make sure THE NAME is from a domain included in the PSL

You may have to change your site name in plesk to match that new name and cert.


#7

Ok, thank you.
I just fix the problem.
I just rename the server from h2387397.stratoserver.net to one of my dont using domains (pointing the server name).
Finally I install the certificate in the server.
Thanks so much.


#8

Perfect!
Please mark this thread as closed/solved.


#9

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.