I've reached a limit of 5 SSL cert renewal attempts due to the recent outage - can someone tell me how long I have to wait to try again? Or if there's a way to bypass it since it's due to a tech issue?
Domain is www.compleatsoftware.com
You just have to wait an hour. The error message should have linked to a page that said this:
There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently.
4 Likes
By the way, you are getting certs far more frequently than you need. You should review your methods. Right now I see 16 active certs and you get a fresh one almost every other day
https://crt.sh/?Identity=www.compleatsoftware.com&exclude=expired&deduplicate=Y
4 Likes
Thanks, I read that but wasn't sure if it was an hour from the last attempt or not, so I tried again an hour from the first attempt and it's still an issue - so I have to wait another hour now? Sorry if this seems an odd question - our cert was due for auto renewal today and failed so the website is now without.
1 Like
See my latest post. Something is wrong with your renewal scheme
4 Likes
This is interesting - our host is SiteGround so it would be their platform sending the requests - I'll look into this and see if we can solve it.
1 Like
I've waited an hour - the error message now says try again after 06-17, is there anything I can do apart from wait 2 days or buy a premium cert?
"https://acme-v02.api.letsencrypt.org/acme/new-order" indicated an ACME error: 429 Too Many Requests (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: www.compleatsoftware.com, retry after 2023-06-17T01:26:14Z: see Duplicate Certificate Limit - Let's Encrypt)).
That's a different error and, no, there is no bypass except for the work-around explained in the rate limit paged linked to.
This error is a result of your poor method for renewing certs. I saw 16 valid certs can't you just use one of those? And, you must have gotten one more recently than shown to hit the 5 per week limit.
Perhaps more important is that your www domain is using a self-signed cert for literally example.com. Yet, your root domain is using a valid Let's Encrypt cert. Is this intended? If so why are you using a self-signed cert instead of any more recent cert.
Maybe you should backup and complete the answers to the form you were shown. I feel like we are working on this problem backwards
For example, use a site like this SSL Checker for your two domain names and compare
===========================================
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
5 Likes
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.compleatsoftware.com
I ran this command: renew letsencrypt cert
It produced this output: "https://acme-v02.api.letsencrypt.org/acme/new-order" indicated an ACME error: 429 Too Many Requests (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: www.compleatsoftware.com, retry after 2023-06-17T01:26:14Z: see Duplicate Certificate Limit - Let's Encrypt)).
My web server is (include version): Wordpress v6.2.2
The operating system my web server runs on is (include version): Linux Fedora
My hosting provider, if applicable, is: SiteGround
I can login to a root shell on my machine (yes or no, or I don't know): I Don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): SiteGround's control panel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ?
I would love to but don't know how and can't find any documentation that helps - siteground is asking for CRT (which I can find), the Private Key (which I can't find) and CABundle (can't find). Could you help point out where to find these and I will gladly use an existing cert.
Did you ever setup a system to obtain your certs using DNS-01 authentication?
3 Likes
Yes this is intended, our domain example.com is separate from www.example.com due to conflicts with siteground's domain control setup and our 365 Azure AD config.
Just to remind myself and any other volunteers.
Their root domain is handled by a redirect service which happens to work even with https. So, I guess we can ignore that element
curl -I compleatsoftware.com
HTTP/1.1 301 Moved Permanently
Location: https://www.compleatsoftware.com/
Server: EasyRedir
curl -I https://compleatsoftware.com
HTTP/2 301
location: https://www.compleatsoftware.com/
server: EasyRedir
3 Likes
In SiteGround it's just a drop down of which type of SSL to install and it (apparently inefficiently) does the rest.
I was looking for a "YES" or a "NO" answer.
3 Likes
Yeah, I see that and just posted that redirect service.
But, you are using a cert with literally the name www.example.com. You don't own that name 
See:
3 Likes
that's a no
1 Like
O M G !
4 Likes
oh I see what you mean.
Could that be because the SSL cert is no longer linked within the SiteGround control panel and it's just returning default values?
You'll have to ask SiteGround.
3 Likes