Could not issue an SSL/TLS certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ababa.ch

I ran this command:

It produced this output: Could not issue an SSL/TLS certificate for ababa.ch
Details

Could not issue a Let's Encrypt SSL/TLS certificate for ababa.ch .

One of the Let's Encrypt rate limits has been exceeded for ababa.ch .

See the related Knowledge Base article for details.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: hosttech.eu

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I couldn't renew the certificate nor install it again. It says that " One of the Let's Encrypt rate limits has been exceeded for ababa.ch

can you please halp

1 Like

You've generated 5 certificates the last two days: https://crt.sh/?Identity=ababa.ch&deduplicate=Y

Why did you need to issue those 4 extra certificates? Did something not work in the first place? If so, what didn't work? Where did the certificates go?

If you don't have an means to use one of those 5 certificates, please ask your hosting provider for assistance. There probably isn't anything we can do to help if it's a bug in the Plesk ACME client, but I'm also not sure if that's the case.

1 Like

Hi Osiris,
thanks for your reply.
I fact the certificate didn't work proberly thus I was trying to reinstall it.
it works only for my domain as ababa.ch and not for www.ababa.ch nor for webmail.
I guess some bug is out there, which you need to get red of.

Could you please delete all of them to allow me to install it again?
thanks for you understanding
rgrds,

1 Like

We? Which "we" do you mean? Volunteers like me here on this Community who do not have any relationship with Let's Encrypt? Or did you mean Let's Encrypt? Or did you perhaps mean the developers of the cPanel control panel? Or perhaps the system operators of your hosting provider?

Also, as you're talking about pretty basic certificates, I'm almost 100 % sure this isn't a bug at Let's Encrypts end. That leaves a bug in cPanel or a configuration issue at your hosting provider. With both those two options, there's nothing Let's Encrypt can do.

There's nothing to delete. The certificates have been issued, the resources have been consumed already and there's nothing possible to revert that. Please read the rate limit documentation linked at the end of your first post.

I recommend to contact your hosting provider with regard to your issue, as they maintain your cPanel configuration panel.

1 Like

Calm dowen Osiris I am just newbe to all of this and thought you're admin and able to help.
Again many thanks to all people of Let's Encrypt for this effort.

1 Like

Ignorance might be bliss, but in my personal opinion not an excuse. Perhaps the rate limit documentation should include some info about "deleting" certificates, although I'm afraid as there isn't something to delete at Let's Encrypts end, it might be more confusing to some who have a little bit better understanding about how Let's Encrypt works.

You're of course more than welcome to ask for help on this Community and in this thread if your hosting provider refuses to help or says it isn't something they can fix, but should be fixed by Let's Encrypt. If they say the latter, they're probably wrong (wouldn't be the first hosting provider to say so), but in that case we might help you to make them understand their own issue/bug better.

Also, on another note: did you realise your www subdomain doesn't have a DNS entry? www.ababa.ch results in a DNS error. I don't know if you manually edit your DNS zone or if this is something done by your hosting provider. But without a DNS entry, you won't be able to get a certificate for it.

1 Like

@Osiris

Been drinking the extra-leaded coffee again I see. :wink:

@ababa

He means well. Passion runs high today in the Netherlands. :upside_down_face:

  1. Kudo's for using the correct name of my country this time :stuck_out_tongue:
  2. I'm actually on Curaçao? Although, while it's a separate country, it is part of the Kingdom of The Netherlands. :thinking: :laughing:
2 Likes

Ooooooo, a cPanel fun times! Also, @Osiris - you okay over there? What the heck is going on in the Netherlands that I don't know about lol. I don't know if I ever have seen you react so quickly and passionately to a post! We are of course here to help everyone, I remember when I first started working at Let's Encrypt and had no clue on... anything. Our community and team is quick to help, understanding, and gracious - and that's what we strive to be every day! :heart: And I wouldn't be where I am now without y'all.

Okay, yes, I would definitely contact your hosting provider for help. I also cannot tell you how many people I have had reach out to me directly for hitting the duplicate certificate rate limit in cPanel. @ababa can you let us know what they say? I wonder if there is a better back-off mechanism we could push cPanel to have so people don't hit this anymore.

If you want ways to work around the duplicate certificate rate limit, there are lots of good threads about it on this forum! Let me/us know if you need help finding them. The duplicate certificate rate limit is unfortunately not one we can remove or raise.

1 Like

@jple My bad, but it's actually Plesk. I mixed them up in my head earlier. The link to that KB is from Plesk, so I assume OP isn't using cPanel, but Plesk.

2 Likes

no worries! They are SUPER similar! Question still stands, would love to know what the hosting provider has to say and perhaps I will reach out to both Plesk and cPanel. If we can get the client/platform to back-off BEFORE they hit a hard stop on a rate limit so that they could get one they can actually use, that would be grand.

2 Likes

Let me guess, you've been reading Notification before rate-limit reached ? :stuck_out_tongue:

1 Like

@jple

Funny you should mention that... :smirk:

I hadn't seen this post but it gives a lot of good ideas that I definitely want to talk to the team about. I will reply there if I have anything meaningful to add!

Now that we are sufficiently off-topic, I think this is closed until @ababa writes back with what they hear from their hosting provider. Thanks for your help y'all, stay kind, stay helpful, and keep securing the Web!

1 Like

Hello everyone,
One more time, many thank for everyone who participated and tried to help in this thread.
Today I got the an answer from the hosting provider. Like many of you suggested, seems the problem was from their side. They provided me with a tutorial video how to set up the DNSSEC, it's here.
I followed and conducted the steps correctly still not sure becuase I deleted and installed the certificates unaware many times. How to delete it from Let's encrypt and install it again, this will be my next question for you guys.
rgrds,

2 Likes

Currently, there's no DNSSEC issue: https://dnsviz.net/d/ababa.ch/dnssec/

Also, there wasn't any DNSSEC issue to begin with, as you succesfully got multiple certificates issued in the first place! If there were a DNSSEC issue, Let's Encrypt would have refused to issue a certificate. And as that's clearly not the case, there also wasn't a DNSSEC issue. It isn't mandatory.

This might be something to begin with: why do the issued certs get deleted? Why aren't they used?

There's nothing to delete at Let's Encrypts end. If you're talking about the rate limit in place: please read the rate limit documentation.

Also, did you read my previous post?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.