Error requesting new certificates


#1

Hello.
I did not do spam. I really need certificates for these subdomains. I get such errors:

Simulating challenges:
Testing: surgut.itis-n.ru…OK
Validating domains:
Validating: surgut.itis-n.ru…OK [176.120.25.236]
Generating Certificate Signing Request (CSR)…OK
Requesting Certificate…Error: request failed: 429 [Too Many Requests]: https://acme-v01.api.letsencrypt.org/acme/new-cert

My domains are: m.surgut.itis-n.ru surgut.itis-n.ru sur.itis-n.ru app.surgut.itis-n.ru

I ran this command (my script):

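#!/bin/bash

# Remember the starting directory. PWD is maintained by the shell and is
# overwritten by every cd, so it cannot hold the original location.
ORIG_DIR=$(pwd)

cd /usr/local/lib/acme || exit 1

SSLDIR="/etc/nginx/ssl"
ACC_KEY="/usr/local/etc/acme_account.key"

# Map each hostname to the webroot used for its challenge files.
declare -A DOMAINS
DOMAINS["surgut.itis-n.ru"]="/var/www/html"
DOMAINS["sur.itis-n.ru"]="/var/www/html"
DOMAINS["app.surgut.itis-n.ru"]="/var/www/html"
DOMAINS["m.surgut.itis-n.ru"]="/var/www/html"

# Each pass through this loop requests a separate certificate for one hostname.
for DOMAIN in "${!DOMAINS[@]}"; do
        echo "$DOMAIN --- ${DOMAINS[$DOMAIN]}"
        # Create the destination directory so the mv commands below move files into it.
        mkdir -p "$SSLDIR/$DOMAIN"
        # Generate a new 4096-bit private key for this hostname.
        certle genrsa 4096 > "$DOMAIN.pem"
        certle cert "$ACC_KEY" "$DOMAIN.pem" -w "${DOMAINS[$DOMAIN]}" -d "$DOMAIN" --csr csr.pem --cert cert.pem --chain chain.pem --fullchain fullchain.pem
        mv cert.pem "$SSLDIR/$DOMAIN"
        mv chain.pem "$SSLDIR/$DOMAIN"
        mv csr.pem "$SSLDIR/$DOMAIN"
        mv fullchain.pem "$SSLDIR/$DOMAIN"
        mv "$DOMAIN.pem" "$SSLDIR/$DOMAIN"
done

/etc/init.d/nginx reload

cd "$ORIG_DIR"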

Files in /usr/local/lib/acme

CertLE.inc.php  CertLE.php  LE.inc.php

It produced this output: Requesting Certificate…Error: request failed: 429 [Too Many Requests]: https://acme-v01.api.letsencrypt.org/acme/new-cert

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Server OS Debian 9. Client OS Windows 10.

My hosting provider, if applicable, is: Netpoint LLC

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Certificate logs show otherwise: https://crt.sh/?q=%itis-n.ru

You need to ensure your usage of the Let’s Encrypt service does not exceed the rate limits stated in: https://letsencrypt.org/docs/rate-limits/

You have most likely run into this rate limit:

The main limit is Certificates per Registered Domain, (20 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk. We use the Public Suffix List to calculate the registered domain.

Consider putting multiple names on the same certificate or using a wildcard, in a week when your rate limit is lifted.
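The rate limit quoted above can be checked locally before a certificate is ordered. The following is an added example, not part of the thread or of any ACME client: the function names, the log format ("<epoch> <name,name,...>", one line per certificate) and the short suffix list are assumptions made for the illustration, and the week is treated as a rolling 7-day window.

```shell
#!/bin/sh
# Added example (not from the thread): check the weekly budget before ordering.
LIMIT=20                    # certificates per registered domain per week (quoted docs)
WINDOW=$((7 * 24 * 3600))   # one week in seconds, treated as a rolling window
# Constructed subset of multi-label public suffixes; use the full PSL in practice.
MULTI_SUFFIXES="co.uk com.au"

# registered_domain HOST: print the public suffix plus one label.
registered_domain() {
    printf '%s\n' "$1" | awk -v multi="$MULTI_SUFFIXES" '
        BEGIN { n = split(multi, m, " "); for (i = 1; i <= n; i++) two[m[i]] = 1 }
        {
            k = split(tolower($0), l, ".")
            s = l[k-1] "." l[k]
            if (k >= 3 && (s in two)) print l[k-2] "." s
            else if (k >= 2) print s
            else print $0
        }'
}

# issued_in_window LOG DOMAIN NOW: count certificates from the last week that
# carry at least one name under DOMAIN. A multi-name certificate counts once.
issued_in_window() {
    count=0
    while read -r ts names; do
        [ -n "$ts" ] || continue
        [ $(( $3 - $ts )) -lt "$WINDOW" ] || continue
        for n in $(printf '%s' "$names" | tr ',' ' '); do
            if [ "$(registered_domain "$n")" = "$2" ]; then
                count=$((count + 1)); break
            fi
        done
    done < "$1"
    echo "$count"
}

# can_issue LOG NOW NAME...: succeed only if every registered domain among the
# names still has room for one more certificate.
can_issue() {
    _log=$1; _now=$2; shift 2
    for host in "$@"; do
        dom=$(registered_domain "$host")
        [ "$(issued_in_window "$_log" "$dom" "$_now")" -lt "$LIMIT" ] || return 1
    done
}

# record_issue LOG NOW NAME...: append one line for a certificate just obtained.
record_issue() {
    _log=$1; _now=$2; shift 2
    printf '%s %s\n' "$_now" "$(printf '%s,' "$@" | sed 's/,$//')" >> "$_log"
}
```

With four hostnames requested one certificate at a time, five runs inside a week reach the limit of 20; the same four names on one certificate add a single log line per run.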


#3

Ok. Thank you so much.


#4

Please tell me how to make one certificate to be used on all subdomains? I specified the * and it did not help.


#5

Hi @MrConstantine,

To issue a wildcard certificate *.yourdomain.tld, the client used must use the new API v2. I suppose you are using this client, https://github.com/skoerfgen/CertLE, and it has not been updated to use the new API v2. I’ve checked the forks and none of them implements the new API v2, so you can’t issue wildcard certs with this client.

You could open an issue to the developer asking for API v2 support, or you can use another client supporting API v2 like certbot or acme.sh.

Edit: Also, keep in mind that wildcard certificates must use the DNS challenge, so your DNS provider should provide an API to add records automatically or you will need to perform the process manually, which is a pain for renewals.

Good luck,
sahsanu


#6

@sahsanu

Thank you! I will update this project.

