Failed validation limit

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/ --preferred-challenges dns --debug-challenges -d * -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): unsure

The operating system my web server runs on is (include version): Ubuntu 22.04.3

My hosting provider, if applicable, is: Home Server

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Try adding --dry-run to that command to use the Let's Encrypt staging system. It has more flexible rate limits that the LE production system you are trying to get a cert from.

The error says you have made too many faulty requests and so are now blocked from production requests. The link in the error says your limit is 5 failures per hour per name / account

Show us the failure from the command with --dry-run.

Also, do you plan to use this cert on your own private network? Which is fine if you are. But, the DNS Challenge is often more difficult to automate and if you are going to have a web server accessible on the public internet that might be easier. Or, even using --standalone mode might be easier than DNS Challenge if you have port 80 available to the public internet.


Hi @JakeyBrs, and welcome to the LE community forum :slight_smile:

This may not fix your problem, but you should follow certbot's recommended installation instructions.
See: Certbot (

To version 2.7.3


Tried that, but for some reason it just says no matches found for *

Yes, I did that just now!

I have a question, do I need to open my port? Because I tried setting up with certbot certonly --nginx and it couldn't reach my domain "" it says time out during connection.

Yes, the --nginx plugin is very different than the DNS Challenge you were trying with your wildcard. Port 80 must be open to receive the HTTP Challenge from the Let's Encrypt server.

You should probably review this


Interesting, when I tried with the command it just says DNS records not found or something similar.

Which command. Please use more words. Your vault subdomain has an A record but your root domain does not, for example. Hard to say what exactly is going wrong if you don't show exactly the errors you get and the command you ran.


sudo certbot certonly --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel):
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: connection
Detail: Fetching Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The HTTP request to that domain from the Let's Encrypt server failed because of "Timeout during connect"

As the error says this is likely a firewall. Are you sure that IP is your public IP? Have you checked your firewalls. Check any router and its NAT forwarding.

Try using the Let's Debug site to test as you make changes to your comms and system config. HTTP connections from the public internet must work for the HTTP Challenge to succeed.


Alright! Thank you, I'll look into this and get back with you.

1 Like

The issue has been fixed, thank you.


I see this as solved, but there are still issues:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.