Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mengyboi.xyz
I ran this command: sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.mengyboi.xyz -d mengyboi.xyz
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.mengyboi.xyz
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): unsure
The operating system my web server runs on is (include version): Ubuntu 22.04.3
My hosting provider, if applicable, is: Home Server
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0
Try adding --dry-run to that command to use the Let's Encrypt staging system. It has more flexible rate limits that the LE production system you are trying to get a cert from.
The error says you have made too many faulty requests and so are now blocked from production requests. The link in the error says your limit is 5 failures per hour per name / account
Show us the failure from the command with --dry-run.
Also, do you plan to use this cert on your own private network? Which is fine if you are. But, the DNS Challenge is often more difficult to automate and if you are going to have a web server accessible on the public internet that might be easier. Or, even using --standalone mode might be easier than DNS Challenge if you have port 80 available to the public internet.
I have a question, do I need to open my port? Because I tried setting up with certbot certonly --nginx and it couldn't reach my domain "vault.mengyboi.xyz" it says time out during connection.
Yes, the --nginx plugin is very different than the DNS Challenge you were trying with your wildcard. Port 80 must be open to receive the HTTP Challenge from the Let's Encrypt server.
Which command. Please use more words. Your vault subdomain has an A record but your root domain does not, for example. Hard to say what exactly is going wrong if you don't show exactly the errors you get and the command you ran.
sudo certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): vault.mengyboi.xyz
Requesting a certificate for vault.mengyboi.xyz
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
The HTTP request to that domain from the Let's Encrypt server failed because of "Timeout during connect"
As the error says this is likely a firewall. Are you sure that IP is your public IP? Have you checked your firewalls. Check any router and its NAT forwarding.
Try using the Let's Debug site to test as you make changes to your comms and system config. HTTP connections from the public internet must work for the HTTP Challenge to succeed.
