cPanel attempts to renew unexpired certificates

My domain is: ordmv.rwre.com, idxphotos.rwre.com, devatis.rwre.com, dev.rwre.com and others

I ran this command: cron

It produced this output: continuous various failure and renewal emails every 12 hours.

8/12/2019 10:11 am and pm: Automatic Let’s Encrypt renewal for ordmv.rwre.com was attempted and failed.
This certificate expires on 2019-11-06 10:59:07 -0500 EST.

Unable to renew certificate: Error creating new order: acme: error code 429 “urn:ietf:params:acme:error:rateLimited”: Error creating new order :: too many certificates already issued for exact set of domains: ordmv.rwre.com: see https://letsencrypt.org/docs/rate-limits/

You can configure/re-install/remove this certificate by logging into cPanel, and visiting the Lets Encrypt SSL page.

8/13/2019 10:21 AM: Automatic Let’s Encrypt renewal for ordmv.rwre.com was completed.
The certificate now expires on 2019-11-11 11:21:55 -0500 EST.

This certificate will be automatically renewed at that point.

My web server is (include version): Apache/2.4.39 (cPanel)

The operating system my web server runs on is (include version): centos 6.10 kernel version 2.6.32-754.10.1.el6.x86_64

My hosting provider, if applicable, is: Liquidweb

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 82.0.9

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): unknown (command not found as root)

The auto renewal cron is attempting to renew all certificates every 12 hours. Renewals succeed until the rate limit applies and then fail until the rate limit expires. This is happening on two of 3 cpanels on the server. Liquidweb support is excellent but has not been able to determine the reason for the failure of certbot to detect that the certificates are still valid. They have uninstalled and reinstalled Let’s Encrypt on the server in an attempt to fix.

I have changed the thread title to indicate that this is not about Certbot.

Could you please submit a technical support request making sure to include the requested support data/ID? I’m one of the authors of the cPanel plugin you are using. I can help you solve this, but I need some diagnostic info to see what’s happening.

3 Likes

I do not have the license info to create a support request. I have forwarded this to Liquidweb support.

Don’t worry about it. Just skip the licence fields.


Edit: This was narrowed down to (1) the cPanel API failing to report any installed SSL certificates on a cPanel account, and (2) the Let’s Encrypt functionality interpreting their absence as every certificate on the account requiring renewal.

1 Like