Hitting SSL Limits


#1

We just noticed that LetsEncrypt is no longer issuing certificates on our server. Checking further, we noticed the following errors

Dec 20 09:37:39 Server letsencrypt.live.cgi: time="2018-12-20T09:37:39+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"
Dec 20 09:37:59 Server letsencrypt.live.cgi: time="2018-12-20T09:37:59+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"
Dec 20 09:38:19 Server letsencrypt.live.cgi: time="2018-12-20T09:38:19+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"
Dec 20 09:38:39 Server letsencrypt.live.cgi: time="2018-12-20T09:38:39+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"
Dec 20 09:38:59 Server letsencrypt.live.cgi: time="2018-12-20T09:38:59+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"
Dec 20 09:39:20 Server letsencrypt.live.cgi: time="2018-12-20T09:39:20+01:00" level=error msg="Failed to process AutoSSL" Username=user error="Skipping AutoSSL for user because server is too close to ACME Registrations rate limit"

This is a shared server and has quite a number of users on it. Can someone advise on how to handle this?

Thanks


#3

Hi,

I implemented this limit.

It basically mostly affects cPanel servers with many existing accounts that only recently had automatic certificate issuance enabled.

The reason it exists is to prevent people who try to manually issue Let’s Encrypt certificates via the cPanel interface from running into ACME account registration limits.

It is a safety precaution to ensure availability for on-demand users. By, default, 70% of the ACME account registration rate limit capacity is dedicated to automatic SSL, and 30% is reserved for on-demand use. The rate limit window is 3 hours.

If you need to issue a certificate, you should be able to do so successfully via the cPanel user interface.

The plugin will automatically continue to automatically register new ACME accounts when it is safe to do so. After a few days, this limit will no longer be a factor.

If you need further support with the plugin, please contact us directly.