Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)

Hello,

my ASUSTOR NAS can no longer renew the certificate, neither automatically nor manually. I get the following error message:

"Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)"

I have a certificate for one address, that is, a single address, and I have only a single certificate for it. I don't understand how a limit can be reached with a single address.

Can anyone help me with this?

1 Like

Hi @german-github-member and welcome to the LE community forum :slight_smile:

Please excuse my English.

The problem seems to be that too many certificates have been recently issued for that name.
[you can check this at: https://crt.sh/]
Which would indicate that the ASUSTOR NAS is having trouble using the certs that are being issued.

1 Like

Welcome to the Let's Encrypt community :slightly_smiling_face:

Which domain name are you using with your NAS?

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk. We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates per Registered Domain limit is reported with the error message too many certificates already issued, possibly with additional details.

1 Like

@rg305
@griffin
Thank you for trying to help me!

I don't understand this. I looked at https://crt.sh/ for my NAS (https://path2hell.myasustor.com), which is https://crt.sh/?q=path2hell.myasustor.com, but I couldn't understand this information and I couldn't see an error.

The only things I remember changing recently are the ADM-Defender setting, from "allow every connection" to "deny every connection" (everything except internal connections),
and the country blacklist: I set every country to the blacklist and set only Germany to the whitelist (I am in Germany and so is the NAS, in my home).
Could one of these settings be the problem?

2 Likes

Try setting all to whitelist and see if you can get a cert.
[then set them back to blocked]

1 Like

I agree with @rg305.

From your certificate history:

https://crt.sh/?q=path2hell.myasustor.com

we can see that your certificate had been successfully renewing (though not automatically) for almost three years. In my previous post (sorry for my terrible German), I mentioned that the error you received was not your fault. It's because myasustor.com gets a lot of certificates issued for its subdomain names in short amounts of time. It's odd that you would even receive that error considering that myasustor.com is on the Public Suffix List, meaning that it shouldn't run into this limitation.

// ASUSTOR Inc. : http://www.asustor.com
// Submitted by Vincent Tseng <vincenttseng@asustor.com>
myasustor.com

@lestaff

Possible failure of checking PSL resulting in inappropriate rate limit?

1 Like
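
Added example (not part of any post in this thread): the registered-domain calculation quoted earlier, and the effect of the myasustor.com Public Suffix List entry, sketched in Python. The PSL excerpt is a constructed subset and the function names are illustrative; a real client loads the full list from publicsuffix.org.

```python
# Added example: constructed PSL excerpt, not the full Public Suffix List.
PSL_EXCERPT = """
com
uk
co.uk
// ASUSTOR Inc. : http://www.asustor.com
myasustor.com
"""

def load_rules(text):
    """Return the set of suffix rules, skipping comments and blank lines."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("//"):
            rules.add(line.lower())
    return rules

def public_suffix(name, rules):
    """Longest matching rule wins; an exception rule (!) overrides a wildcard (*)."""
    labels = name.lower().rstrip(".").split(".")
    best = labels[-1:]  # implicit default rule "*": the TLD alone
    for i in range(len(labels)):  # longest candidate first
        candidate = labels[i:]
        joined = ".".join(candidate)
        wildcard = ".".join(["*"] + candidate[1:])
        if "!" + joined in rules:
            return ".".join(candidate[1:])  # exception: drop the leftmost label
        if (joined in rules or wildcard in rules) and len(candidate) > len(best):
            best = candidate
    return ".".join(best)

def registered_domain(name, rules):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    suffix_len = len(public_suffix(name, rules).split("."))
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])

if __name__ == "__main__":
    rules = load_rules(PSL_EXCERPT)
    for host in ("www.example.com", "new.blog.example.co.uk", "path2hell.myasustor.com"):
        print(host, "->", registered_domain(host, rules))
    # Hypothetical: without the PSL entry, every NAS name shares one rate-limit bucket.
    print(registered_domain("path2hell.myasustor.com", rules - {"myasustor.com"}))
```

With the entry present, each NAS hostname is its own registered domain for the 50-per-week limit; without it, all of them would count against myasustor.com.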

@rg305
@griffin

I deactivated the blacklist, so every country should be able to connect to my NAS now. But it's not possible now to get a new certificate because of "reaching the limit of Let's Encrypt certificate" for my Domain. (Ref. 5019)

Die Anzahl der von Let's Encrypt ausgegebenen Zertifikate für Ihre Domain hat die Obergrenze erreicht. (Ref. 5019)

I have to wait now; I don't know how long until I can get a new certificate :confused:

2 Likes

Someone from the staff is responding right now, I believe. :wink:

My guess is that the Asus device is displaying a general error message that misinterprets the actual rate limit message that it received from our API. There's probably a different error involved that the PSL won't help with, like a different rate limit, or ACMEv1 deprecation.

2 Likes

That seems possible. The error message just so closely resembles the 50 per week. I can't imagine it's the duplicate certificate rate limit (unless all of the certificates haven't yet made it to crt.sh).

1 Like

@german-github-member

What is the process by which you are trying to get your certificate? Are there additional logs or outputs?

Maybe something like what's explained here:


This might be important:

- Initial release for supporting ACMEv2. (with ADM 3.4.6 and above)

1 Like

ADM version is up-to-date: 3.5.6.RHA2 (update was 2021-05-29).
Let's Encrypt ACME Client is 2.0.0.r5 (up-to-date)

The update process was mostly automatic; sometimes I got an error message from the NAS and I updated manually in the certificate manager.

2 Likes

The only logs or anything like that I can find are from the System Information:

I can browse to the WAN-IP with port 80
http://46.128.14.170:80 = Congratulations page from NAS.
https://46.128.14.170:80 = Secure Connection Failed, An error occurred during a connection to 46.128.14.170:80. PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

In the description at Using HTTPS to Secure NAS Communication - ASUSTOR NAS

3.2 Getting a certificate from Let's Encrypt
is this information:
"Do not check the [Enable secured Web server (SSL)] checkbox."

This checkbox is checked; I had it activated all the time before and it worked. Should I uncheck it?

1 Like

That would be expected to fail.
HTTP goes to port 80 (and that worked).
HTTPS goes to port 443 (not also to 80) and also requires a name.
[so, HTTPS to port 80 should almost always fail]
HTTPS to port 443 does connect and shows the following cert:

1 Like

I would try unchecking it to do a test renewal.
Then, either way, check it on again.
[If that helped, then do that for each renewal]

1 Like

I'm seeing a correct (404) Apache response for http://path2hell.myasustor.com/.well-known/acme-challenge/test (though there are a lot of directive errors in the output). Like with many NAS models, the NAS UI (ADM in this case) runs on port 8001.

1 Like

I don't understand most of this; it's too complicated for me.
But I tried another thing. I deleted the old Let's Encrypt X3 certificate and I could make a new one.
Now it's a Let's Encrypt R3 certificate and it's good until 2021-09-26.
To check whether the auto update is working again, I have to wait some time.

So the same domain name with the same email address and my NAS settings works for creating a new R3 certificate, but was not able to renew the old X3 certificate.

1 Like

That is completely understandable since the Let’s Encrypt Authority X3 intermediate certificate is no longer active due to being replaced with the R3 intermediate certificate.

1 Like
