Certificate not renewed


#1

The LE SSL certificate on one of my sites theglastonburytarot.co.uk expired at 8.10 this morning and did not automatically renew as I thought it should. I contacted my host who said “Unfortunately during the past several days Lets Encript have introduced some new limits over the SSL certificates issued and this delays renewals”.

This doesn’t sound very helpful. Is there something I can do other than wait?

Thanks G


#2

Most rate limits are limiting the amount of certificates issued and are “connected” to the amount of certificates already issued for a certain domain.

But as your certificate has expired and there are no new certificates issued recently, I’m not sure which rate limit your hosting provider is referencing to.

It could be one of the following rate limits:

  • Failed Validation
  • Overall Requests
  • Accounts per IP Address/Accounts per IP Range
  • Pending Authorizations
  • New Orders

But if you read the explanation of those rate limits on the page linked above, you’ll notice those rate limits are not actually ‘connected’ to your domain name, but more ‘linked’ to how your hosting provider would request certificates from Let’s Encrypt.

So if your hosting provider is responsible for the certificate issuing, I would recommend you ask them again which specific rate limit is being hit and remark that there are no recent certificates for your domain name issued (see link to crt.sh linked above) and thus it should be something your provider needs to fix.

Also, I’m curious which limits Let’s Encrypt introduced that recently, as claimed by your hosting provider.

Also number 2: I’m moving your thread to the Help section, as you’re actually looking for help and not actually having troubles directly related to issuing any certificates yourself.


#3

Thanks for your help. I have gone back to my host and hopefully they can explain.


#4

Hi @gandalf458

do you have access to the webserver? Look there

Perhaps you can create a certificate and install it.

I don’t know something about “new limits during the past several days”.


#5

In future, it would be safer to renew the certificate with more time before it expires.

It’s common to renew certificates every 60 days. That way you have 30 days to resolve problems.


#6

Sounds like a good idea, thanks. I shall have to check when they all expire.

My host replied: Indeed trouble is not related to your particular domain but it the shared server configuration. I am afraid that we do not have such details which limit is reached exact and can not offer such. All information which we have on that was provided.

However, the certificate appears to have been renewed now.

Thanks all for your help and suggestions.


#7

Let’s Encrypt always returns an error message, which almost always explains what’s happening. If they don’t understand it, they can ask here. If they don’t log error messages… they should.

I’m glad you have a new certificate, though.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.