Certificate signature failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: smtp.caminosprotegidos.com.ar

I ran this command: Download SSL Certificate (www.sslforfree.com)
I previously verified by DNS giving ok:
TXT Record(s) Found. Make sure the value matches the value specified by the instruction for with the domain hostname:
HOST: _acme-challenge.smtp.caminosprotegidos.com.ar
TTL: 1
TXT: WBudnVbuV9wE2DPHPwqcwnDqrEfRJcluG0WFWpKYWVo

It produced this output:
Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree. If there is a rate limiting error at the end of this paragraph certificates per Domain is currently 5 per 7 days. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error finalizing order :: too many certificates already issued for: caminosprotegidos.com.ar: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }

My web server is (include version):

The operating system my web server runs on is (include version): Debian 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin version 1.890

Hi @caminos

Your nameserver is ns1.afraid.org etc., so this is an afraid.org domain.

There are a lot of certificates for subdomains of caminosprotegidos.com.ar:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:caminosprotegidos.com.ar&lu=cert_search

So this hit your limit.

But this is a feature of afraid.org, not a bug. You have a domain there, and everyone can create subdomains with your domain. That hits the Let's Encrypt limit.

Same problem:

Your _acme-challenge record is correct. But if you really want to use your own domain with Let's Encrypt, you shouldn't use afraid.org.

There are other free domain providers like https://www.freenom.com/

2 Likes
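The situation described in the reply above, as an added example that is not part of the original thread: counting recent issuance for a whole registered domain from Certificate Transparency data, to see how certificates for other people's subdomains use up the shared limit. The domain `example.test`, the sample entries and the function names are constructed; the field names follow crt.sh's JSON output, and the limit of 5 per 7 days is the figure quoted in the error text above.

```python
import json
from datetime import datetime, timedelta, timezone

LIMIT = 5                   # per registered domain, figure quoted in the error text above
WINDOW = timedelta(days=7)

# Constructed sample shaped like crt.sh JSON output; names, serials and dates are made up.
SAMPLE = json.loads(r"""[
 {"serial_number":"01","name_value":"alice.example.test","not_before":"2019-01-09T10:00:00"},
 {"serial_number":"01","name_value":"alice.example.test","not_before":"2019-01-09T10:00:00"},
 {"serial_number":"02","name_value":"bob.example.test","not_before":"2019-01-10T08:30:00"},
 {"serial_number":"03","name_value":"bob.example.test","not_before":"2019-01-11T08:30:00"},
 {"serial_number":"04","name_value":"carol.example.test","not_before":"2019-01-12T17:00:00"},
 {"serial_number":"05","name_value":"dave.example.test\nwww.dave.example.test","not_before":"2019-01-13T09:00:00"},
 {"serial_number":"06","name_value":"alice.example.test","not_before":"2019-01-01T10:00:00"},
 {"serial_number":"07","name_value":"other.test","not_before":"2019-01-12T10:00:00"}
]""")

def issued_in_window(entries, registered_domain, now):
    """Map serial -> hostnames for certificates under registered_domain issued in WINDOW."""
    suffix = "." + registered_domain
    certs = {}
    for e in entries:
        issued = datetime.fromisoformat(e["not_before"]).replace(tzinfo=timezone.utc)
        if not (now - WINDOW <= issued <= now):
            continue
        names = {n for n in e["name_value"].split("\n")
                 if n == registered_domain or n.endswith(suffix)}
        if names:
            # A precertificate and its final certificate share a serial: count them once.
            certs.setdefault(e["serial_number"], set()).update(names)
    return certs

def summarize(entries, registered_domain, now):
    """Count certificates against the shared limit and show which hostnames used it."""
    certs = issued_in_window(entries, registered_domain, now)
    by_host = {}
    for names in certs.values():
        for n in names:
            by_host[n] = by_host.get(n, 0) + 1
    return {"count": len(certs), "at_limit": len(certs) >= LIMIT, "by_host": by_host}

if __name__ == "__main__":
    now = datetime(2019, 1, 15, tzinfo=timezone.utc)
    print(summarize(SAMPLE, "example.test", now))
```

In the sample, a host such as `smtp.example.test` has no certificate of its own, yet the registered domain is already at the limit because of issuance for other subdomains.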

@caminos This does seem to be an unavoidable problem with afraid.org. My guess is that a subdomain was created, used to generate SSLs for a few days and then removed. This likely happens multiple times.

I have since moved to NameCheap instead.
