cPanel AutoSSL Issue, certificate “Error creating new cert :: too many certificates already issued for exact set of domains”


#1

AutoSSL on my cPanel has been trying to assign a new certificate daily for one domain for at least a few days now. I had just assumed the error would go away when the certificate needed to be renewed, but instead the renewal is getting rejected. I tried forcing the update today and got the same message.

The error message I’m seeing is:

The ACME function “https://acme-v01.api.letsencrypt.org/acme/new-cert” indicated an error: “Error creating new cert :: too many certificates already issued for exact set of domains: cpanel.winnerwinnerchickendinner .co,mail.winnerwinnerchickendinner .co,webdisk.winnerwinnerchickendinner .co,webmail.winnerwinnerchickendinner .co,winnerwinnerchickendinner .co,www.winnerwinnerchickendinner .co: see https://letsencrypt.org/docs/rate-limits/ (The request exceeds a rate limit)” (429, “Too Many Requests”, urn:acme:error:rateLimited). at bin/autossl_check.pl line 368.

All of the other domains on this hosting seem fine. This one domain has been sending warnings since at least 11/28 (as far back as the logs go). I have no idea how to fix this. Please help?

Here is the log from that attempt today.

Log for the AutoSSL run for “w--------------------------------: Thursday, December 27, 2018 5:55:05 PM GMT-0600 (Let’s Encrypt™)
5:55:05 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “w-----------------------------------------------------” …
5:55:06 PM Analyzing “winnerwinnerchickendinner .co” …
5:55:06 PM ERROR TLS Status: Defective
ERROR Certificate expiry: 12/26/18, 5:07 AM UTC (1.78 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
5:55:06 PM Performing DCV (Domain Control Validation) …
5:55:06 PM Local HTTP DCV OK: winnerwinnerchickendinner .co
Local HTTP DCV OK: www.winnerwinnerchickendinner .co
Local HTTP DCV OK: mail.winnerwinnerchickendinner .co
5:55:07 PM Local HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
Local HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
5:55:08 PM Local HTTP DCV OK: webmail.winnerwinnerchickendinner .co
5:55:08 PM Analyzing “winnerwinnerchickendinner .co”’s DCV results …
5:55:13 PM No CAA record added because there is no CAA record from another provider in the DNS for winnerwinnerchickendinner .co.
5:55:25 PM “Let’s Encrypt™” HTTP DCV OK: www.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: mail.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: webmail.winnerwinnerchickendinner .co
AutoSSL will request a new certificate.
5:55:25 PM The system will attempt to renew the SSL certificate for the website (winnerwinnerchickendinner .co: winnerwinnerchickendinner .co www.winnerwinnerchickendinner .co mail.winnerwinnerchickendinner.co webmail.winnerwinnerchickendinner .co cpanel.winnerwinnerchickendinner.co webdisk.winnerwinnerchickendinner .co).
5:55:26 PM WARN (XID mabrpz) The ACME function “https://acme-v01.api.letsencrypt .org/acme/new-cert” indicated an error: “Error creating new cert :: too many certificates already issued for exact set of domains: cpanel.winnerwinnerchickendinner .co,mail.winnerwinnerchickendinner.co,webdisk.winnerwinnerchickendinner .co,webmail.winnerwinnerchickendinner .co,winnerwinnerchickendinner.co,www.winnerwinnerchickendinner .co: see https://letsencrypt.org/docs/rate-limits/ (The request exceeds a rate limit)” (429, “Too Many Requests”, urn:acme:error:rateLimited). at bin/autossl_check.pl line 368.
5:55:26 PM The system has completed the AutoSSL check for “w--------------------------------”.

Here is a log file from a few days ago (12/25)

Checking websites for “w--------------------------” …
1:07:52 AM Analyzing “winnerwinnerchickendinner .co” …
1:07:52 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 12/26/18, 5:07 AM UTC (0.92 days from now)
ERROR Defect: ALMOST_EXPIRED: The certificate will expire very soon.
1:07:52 AM Performing DCV (Domain Control Validation) …
1:07:53 AM Local HTTP DCV OK: winnerwinnerchickendinner .co
Local HTTP DCV OK: www.winnerwinnerchickendinner .co
Local HTTP DCV OK: mail.winnerwinnerchickendinner .co
1:07:56 AM Local HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
Local HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
1:07:57 AM Local HTTP DCV OK: webmail.winnerwinnerchickendinner .co
1:07:57 AM Analyzing “winnerwinnerchickendinner .co”’s DCV results …
1:07:57 AM No CAA record added because there is no CAA record from another provider in the DNS for winnerwinnerchickendinner .co.
1:08:04 AM “Let’s Encrypt™” HTTP DCV OK: webmail.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: mail.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: www.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: winnerwinnerchickendinner .co
AutoSSL will request a new certificate.
1:08:04 AM The system will attempt to renew the SSL certificate for the website (winnerwinnerchickendinner .co: winnerwinnerchickendinner.co www.winnerwinnerchickendinner .co mail.winnerwinnerchickendinner .co webmail.winnerwinnerchickendinner.co cpanel.winnerwinnerchickendinner .co webdisk.winnerwinnerchickendinner .co).
1:08:09 AM WARN The domain “winnerwinnerchickendinner .co” is not managed on this server. You must specify an IP address to install SSL for “winnerwinnerchickendinner .co” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again. at /usr/local/cpanel/Cpanel/SSL/Auto/Provider.pm line 933.
WARN (XID ytmy6k) The system failed to install an SSL certificate onto the website “winnerwinnerchickendinner .co” because of the following error: The domain “winnerwinnerchickendinner .co” is not managed on this server. You must specify an IP address to install SSL for “winnerwinnerchickendinner .co” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.
1:08:09 AM The system has completed the AutoSSL check for “w-----------------------”.

Here is the log from 11/28

Checking websites for “w---------------------------------------------” …
1:07:46 AM Analyzing “winnerwinnerchickendinner .co” …
1:07:46 AM TLS Status: Ready for Renewal
WARN Certificate expiry: 12/26/18, 5:07 AM UTC (27.92 days from now)
1:07:46 AM Performing DCV (Domain Control Validation) …
1:07:47 AM Local HTTP DCV OK: winnerwinnerchickendinner .co
Local HTTP DCV OK: www.winnerwinnerchickendinner .co
Local HTTP DCV OK: mail.winnerwinnerchickendinner .co
Local HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
Local HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
1:07:48 AM Local HTTP DCV OK: webmail.winnerwinnerchickendinner .co
1:07:48 AM Analyzing “winnerwinnerchickendinner .co”’s DCV results …
1:07:48 AM No CAA record added because there is no CAA record from another provider in the DNS for winnerwinnerchickendinner .co.
1:07:54 AM “Let’s Encrypt™” HTTP DCV OK: webmail.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: webdisk.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: www.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: cpanel.winnerwinnerchickendinner .co
“Let’s Encrypt™” HTTP DCV OK: mail.winnerwinnerchickendinner .co
AutoSSL will request a new certificate.
1:07:54 AM The system will attempt to renew the SSL certificate for the website (winnerwinnerchickendinner .co: winnerwinnerchickendinner .co www.winnerwinnerchickendinner .co mail.winnerwinnerchickendinner .co webmail.winnerwinnerchickendinner .co cpanel.winnerwinnerchickendinner .co webdisk.winnerwinnerchickendinner .co).
1:07:59 AM WARN The domain “winnerwinnerchickendinner .co” is not managed on this server. You must specify an IP address to install SSL for “winnerwinnerchickendinner .co” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again. at /usr/local/cpanel/Cpanel/SSL/Auto/Provider.pm line 933.
WARN (XID 8gc4sv) The system failed to install an SSL certificate onto the website “winnerwinnerchickendinner .co” because of the following error: The domain “winnerwinnerchickendinner .co” is not managed on this server. You must specify an IP address to install SSL for “winnerwinnerchickendinner .co” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.

I read other threads here with similar problems but didn’t necessarily see a solution to what I am assuming is a bug.

My domain is: WinnerWinnerChickenDinner.co

The operating system my web server runs on is (include version): CentOS 7.6

My hosting provider, if applicable, is: MediaTemple

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel / WHM v 76.0.14


#2

Hi,

It seems that AutoSSL encountered an issue when trying to request / install / check the certificate. Since this is a plugin developed directly by AutoSSL (cPanel), it’s better to contact cPanel support and raise a ticket for this issue.

You could raise a ticket for this issue either at WHM (with root user) or from https://tickets.cpanel.net/review/login.cgi

Also, in the meantime, since you are being rate limited…
You could try to request a certificate that only contains the root domain and www version from other web-based services (do this only once) and install it onto your cPanel web service.

@_az has developed a plugin called FleetSSL for cPanel, a plugin designed to issue Let’s Encrypt certificates inside the cPanel user panel. (And as a cPanel server admin, I’ve been using it personally.) I do think this would be a better fit if cPanel’s AutoSSL continues to generate these messages. (Not to mention it supports wildcard and custom multi-domain certificates.)

Thank you


#3

As already suggested, your best next step is to contact cPanel support.

This seems like the crux of the issue:

I’ve seen scenarios where cPanel/WHM gets “confused” and loses track of a virtual host that it is managing. That may have caused AutoSSL to go into a loop of issuing certificates and not knowing how to then install them.


#4

That sounds awful. Thanks to both of you, I’ll go post over on their forums and see what I can find out.

If anyone else has had this problem or has a potential solution I’m still here and listening.


#5

Do you run this server? If so, you should really submit a support request instead as Steven suggested, as this looks like it’ll require their support staff to log in to your server. Forums won’t be much help there.

The issue you’re experiencing has actually been affecting your server since at least November 27, because the server has been re-issuing certificates on a nearly daily basis for your domain.

The specific issue I suspect this is caused by definitely has to be repaired by support (or removing/recreating the entire virtualhost, which isn’t something you want to do).
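An added example (not part of the original thread, and not cPanel code): a log triage that counts AutoSSL runs in which a certificate was requested but installation then failed, the loop described in #3 and #5, and checks that the rate-limited name set equals the requested set regardless of order. The sample log is constructed in the format of the logs in #1, with example.com as a placeholder; the function names are hypothetical.

```python
import re
# Constructed sample modelled on the AutoSSL log format in #1 (example.com is a placeholder).
SAMPLE_LOG = """\
Checking websites for "user1" ...
1:07:54 AM The system will attempt to renew the SSL certificate for the website (example.com: example.com www.example.com mail.example.com).
1:07:59 AM WARN (XID aaaaaa) The system failed to install an SSL certificate onto the website "example.com" because of the following error: The domain "example.com" is not managed on this server.
Checking websites for "user1" ...
1:08:04 AM The system will attempt to renew the SSL certificate for the website (example.com: example.com www.example.com mail.example.com).
1:08:09 AM WARN (XID bbbbbb) The system failed to install an SSL certificate onto the website "example.com" because of the following error: The domain "example.com" is not managed on this server.
Checking websites for "user1" ...
5:55:25 PM The system will attempt to renew the SSL certificate for the website (example.com: example.com www.example.com mail.example.com).
5:55:26 PM WARN (XID cccccc) The ACME function "https://acme-v01.api.letsencrypt.org/acme/new-cert" indicated an error: "Error creating new cert :: too many certificates already issued for exact set of domains: example.com,mail.example.com,www.example.com: see https://letsencrypt.org/docs/rate-limits/ (The request exceeds a rate limit)" (429, "Too Many Requests", urn:acme:error:rateLimited).
"""

RENEW_RE = re.compile(r"renew the SSL certificate for the website \(([^:\s]+):\s*([^)]*)\)")
LIMIT_RE = re.compile(r"exact set of domains:\s*(.+?):\s*see\s")

def parse_runs(log_text):
    """Split the log into one record per 'Checking websites for' line."""
    runs = []
    for line in log_text.splitlines():
        if "Checking websites for" in line:
            runs.append({"names": frozenset(), "outcome": "no_request"})
            continue
        if not runs:
            continue
        run = runs[-1]
        m = RENEW_RE.search(line)
        if m:
            run["names"] = frozenset(m.group(2).split())
            run["outcome"] = "no_error_logged"  # until a later line says otherwise
        elif "failed to install an SSL certificate" in line:
            run["outcome"] = "issued_not_installed"  # issuance used up, old cert still served
        elif "urn:acme:error:rateLimited" in line:
            run["outcome"] = "rate_limited"
            m = LIMIT_RE.search(line)
            if m:
                run["limited_names"] = frozenset(n.strip() for n in m.group(1).split(","))
    return runs

def diagnose(runs):
    """Summarise the issue-then-fail loop and whether the limit hit the requested name set."""
    wasted = [r for r in runs if r["outcome"] == "issued_not_installed"]
    limited = [r for r in runs if r["outcome"] == "rate_limited"]
    same_set = bool(limited) and all(r.get("limited_names") == r["names"] for r in limited)
    return {"wasted_issuances": len(wasted), "rate_limited_runs": len(limited), "limit_hit_on_requested_set": same_set}
```

A non-zero `wasted_issuances` ahead of the first rate-limited run points at the installation step, not validation, as the thing to fix before requesting again.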

