Constant rate limit emails

Help
1

I am getting emails every day pointing out “rate limit” issues for grahamjones.net

The associated help page says that I am limited to 50 per day per domain.

I have only applied for certificates for this domain twice in the last month. Yet, every day I am getting notices saying that renewals are not possible due to exceeding the rate limit.

How am I exceeding the rate limit?

How can I stop the annoying emails?

I am using Plesk 17.8.11 on a Debian 9 server.

Plesk has the latest LetsEncrypt extension.

If I initiate a manual renewal, it works OK and no rate limit notice is produced.

So how am I getting rate limit messages when the next renewal on Plesk is not due for another 90 days.

What can be triggering the excessive renewals?

I can’t find anything on the server that is doing it.

Help…!

Thanks

Graham

2

well, this page don't quite agree. It's said that this test site had problems and it missed quite a few certificates these last weeks, yet it's counting no less than 54 certificates for your domain in this period :slight_smile:
My own site has consumed 3 LE certificates last month.

1 Like
3

Hi @grahamjones

that looks really terrible ( https://check-your-website.server-daten.de/?q=grahamjones.net#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
905398909 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-11 06:01:11 2019-08-09 06:01:11 grahamjones.net
1 entries duplicate nr. 1
902395424 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-09 12:34:27 2019-08-07 12:34:27 grahamjones.net, webmail.grahamjones.net
2 entries duplicate nr. 5 next Letsencrypt certificate: 2019-05-16 07:34:28
902246194 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-09 10:34:31 2019-08-07 10:34:31 grahamjones.net, webmail.grahamjones.net
2 entries duplicate nr. 4
902182927 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-09 09:34:28 2019-08-07 09:34:28 grahamjones.net, webmail.grahamjones.net
2 entries duplicate nr. 3
902110912 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-09 08:34:29 2019-08-07 08:34:29 grahamjones.net, webmail.grahamjones.net
2 entries duplicate nr. 2
902036727 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-09 07:34:28 2019-08-07 07:34:28 grahamjones.net, webmail.grahamjones.net
2 entries duplicate nr. 1
890943430 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-02 12:34:28 2019-07-31 12:34:28 grahamjones.net, webmail.grahamjones.net
2 entries
890875664 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-02 11:34:28 2019-07-31 11:34:28 grahamjones.net, webmail.grahamjones.net
2 entries
890800736 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-02 10:34:27 2019-07-31 10:34:27 grahamjones.net, webmail.grahamjones.net
2 entries
890742920 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-02 09:34:27 2019-07-31 09:34:27 grahamjones.net, webmail.grahamjones.net
2 entries
890607996 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-05-02 07:34:28 2019-07-31 07:34:28 grahamjones.net, webmail.grahamjones.net
2 entries
880494367 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 13:34:27 2019-07-24 13:34:27 grahamjones.net, webmail.grahamjones.net
2 entries
880345785 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 11:34:29 2019-07-24 11:34:29 grahamjones.net, webmail.grahamjones.net
2 entries
880285296 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 10:34:28 2019-07-24 10:34:28 grahamjones.net, webmail.grahamjones.net
2 entries
880236229 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 09:34:28 2019-07-24 09:34:28 grahamjones.net, webmail.grahamjones.net
2 entries
880105265 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-04-25 07:34:30 2019-07-24 07:34:30 grahamjones.net, webmail.grahamjones.net
2 entries

Every week 5 identical certificates, then one week blocked, the following week the next.

That startet 2019-03-21 08:34:40

Looks like you have used tls-sni-01 validation, that's not longer supported. Stopped 2019-03-15.

You have created new certificates. Looks like the instance doesn't see the new certificate, so the next renew follows.

Or is there an additional Certbot?

4

I have no idea what you are saying…!

All I have is a Plesk server, with a LetsEncrypt extension.

That extension works perfectly for all the other sites on the server.

I have not changed any settings.

So why are there all those entries for one domain on the server?

I am not technical. I have not done anything manual. All I have done is use the LetsEncrypt extension on Plesk for this domain in exactly the same way as for all the other domains on the server - all of which are working OK and the certificate renewals working properly.

How do I solve it?

5

How is that happening? That’s what I need to understand and stop.

All I have done is use the Plesk LetsEncrypt extension. It works perfectly OK on all the other domains on the server with no rate limiting issues or failures.

Why is it going wrong with just one domain?

6

I don't know.

A typical setup has one client (plesk, certbot etc.) and one certificate.

The certificate is checked daily if it is minimal 30 days valid.

If not, it is renewed and replaces the old certificate.

So one new certificate every 60 - 85 days.

Perhaps your Plesk configuration is buggy. Or ask in the Plesk forum.

7

Sorry, I have no knowledge on Plesk; as a wild guess, maybe when you think that you renew you are triggering a new certificate ? when you use graphical consoles like that, it’s very nice but when things go wrong it’s difficult to see what happens without knowing how to access the logs.

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.