Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)

Hallo,

mein ASUSTOR NAS kann das Zertifikat nicht mehr erneuern, weder automatisch noch manuell, ich bekomme die folgende Fehlermeldung:

"Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)"

Ich habe ein Zertifikat für eine Adresse, also eine einzige Adresse und dafür habe ich auch nur ein einziges Zertifikat. Ich verstehe nicht wie da eine Obergrenze erreicht werden kann, bei einer einzelnen Adresse.

Kann mir da jemand weiterhelfen?

1 Like

Hi @german-github-member and welcome to the LE community forum :slight_smile:

Please excuse my English.

The problem seems to be that too many certificates have been recently issued for that name.
[you can check this at: https://crt.sh/]
Which would indicate that the ASUSTOR NAS is having trouble using the certs that are being issued.

1 Like

Willkommen in der Let's Encrypt-Community :slightly_smiling_face:

Welchen Domainnamen verwenden Sie mit Ihrem NAS?

Das Hauptlimit beträgt Zertifikate pro registrierter Domain (50 pro Woche). Eine registrierte Domain ist im Allgemeinen der Teil der Domain, den Sie bei Ihrem Domainnamen-Registrar erworben haben. Im Namen www.example.com lautet die registrierte Domain beispielsweise example.com. In new.blog.example.co.uk ist die registrierte Domain example.co.uk. Wir verwenden die Liste der öffentlichen Suffixe, um die registrierte Domain zu berechnen. Das Überschreiten des Limits für Zertifikate pro registrierter Domain wird mit der Fehlermeldung zu viele Zertifikate bereits ausgestellt, möglicherweise mit zusätzlichen Details, gemeldet.

1 Like

@rg305
@griffin
Thank you for trying to help me!

I don't understand this. I looked at https://crt.sh/ for my NAS (https://path2hell.myasustor.com) is https://crt.sh/?q=path2hell.myasustor.com but i couldn't understand this information and i couln't see an error.

The only things i remember i changed in the last time is the setting of the ADM-Defender, from "allow every connection" to "deny every connection" (everything except internal connections).
And the country blacklist, i set every country to the blacklist and i set only Germany to the whitelist (i stay in germany and the NAS also, in my home)
Could one of these settings bee the problem?

2 Likes

Try setting all to whitelist and see if you can get a cert.
[then set them back to blocked]

1 Like

I agree with @rg305.

From your certificate history:

https://crt.sh/?q=path2hell.myasustor.com

we can see that your certificate had been successfully renewing (though not automatically) for almost three years. In my previous post (sorry for my terrible German), I mentioned that the error you received was not your fault. It's because myasustor.com gets a lot of certificates issued for its subdomain names in short amounts of time. It's odd that you would even receive that error considering that myasustor.com is on the Public Suffix List, meaning that it shouldn't run into this limitation.

// ASUSTOR Inc. : http://www.asustor.com
// Submitted by Vincent Tseng <vincenttseng@asustor.com>
myasustor.com

@lestaff

Possible failure of checking PSL resulting in inappropriate rate limit?

1 Like

@rg305
@griffin

I deactivated the blacklist, so every country should be able to connect to my NAS now. But it's not possible now to get a new certificate because of "reaching the limit of Let's Encrypt certificate" for my Domain. (Ref. 5019)

Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)

I had to wait now, don't know how long untill i can get a new certificate :confused:

2 Likes

Someone from the staff is responding right now, I believe. :wink:

My guess is that the Asus device is displaying a general error message that misinterprets the actual rate limit message that it received from our API. There's probably a different error involved that the PSL won't help with, like a different rate limit, or ACMEv1 deprecation.

2 Likes

That seems possible. The error message just so closely resembles the 50 per week. I can't imagine it's the duplicate certificate rate limit (unless all of the certificates haven't yet made it to crt.sh).

1 Like

@german-github-member

What is the process by which you are trying to get your certificate? Are there additional logs or outputs?

Maybe something like what's explained here:

https://www.asustor.com/de/online/College_topic?topic=324#hs32


This might be important:

- Initial release for supporting ACMEv2. (with ADM 3.4.6 and above)

1 Like

ADM version is up-to-date: 3.5.6.RHA2 (update was 2021-05-29).
Let's Encrypt ACME Client is 2.0.0.r5 (up-to-date)

The update process was mostly automatic, sometimes i've got a error message from the NAS and i updated manually in the certification manager.
image

2 Likes

The only logs or something like this, i can found is from the Systeminformation:

I can browse to the WAN-IP with port 80
http://46.128.14.170:80 = Congratulations page from NAS.
https://46.128.14.170:80 = Secure Connection Failed, An error occurred during a connection to 46.128.14.170:80. PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

In the describtion at Using HTTPS to Secure NAS Communication - ASUSTOR NAS

3.2 Getting a certificate from Let's Encrypt
is this information:
"Do not check the [Enable secured Web server (SSL)] checkbox."

This checkbox is checked, had it all the times before activated and it worked. Should i uncheck it?

1 Like

That would be expected to fail.
HTTP goes to port 80 (and that worked).
HTTPS goes to port 443 (not also to 80) and also requires a name.
[so, HTTPS to port 80 should almost always fail]
HTTPS to port 443 does connect and shows the following cert:

1 Like

I would try unchecking it to do a test renewal.
Then, either way, check it on again.
[If that helped, then do that for each renewal]

1 Like

I'm seeing a correct (404) Apache response for http://path2hell.myasustor.com/.well-known/acme-challenge/test (though there are a lot of directive errors in the output). Like with many NAS models, the NAS UI (ADM in this case) runs on port 8001.

1 Like

I don't understand the most from this, it's to complicated for me.
But i tried another thing. I deleted the old Let's Encrypt X3 Certificate and i could made a new one.
Now it's a Let's Encrypt R3 Certificate and it's good to 2021-09-26.
To check the auto update is working again i have to wait some time.

So same domainname with same email address with my NAS settings is working for creating a new R3 certificate but was not able to renew the old X3 certificate.

1 Like

That is completely understandable since the Let’s Encrypt Authority X3 intermediate certificate is no longer active due to being replaced with the R3 intermediate certificate.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.