Issue renewing certficate

is this a matter of trying everyday ?

root@vorman:~/lets# ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
strong text


Although the domain seems to be a free DDNS domain, it is not found in the PSL.
You might want to switch to a free domain that is [to avoid other related problems in the future].

However, "too many failed authorizations recently" is an indication of a completely different problem most likely directly related to the ACME client in use (or one of the underlying components).

I would strongly recommend that, if possible, you switch from certbot-auto to certbot via snapd.

1 Like

This is the Let's Encrypt CA letting you know that you've run certbot too many times trying to acquire a certificate without satisfying the selected challenge(s) (e.g. http-01, dns-01).

You can add --dry-run to your certbot certonly and certbot renew commands to test using the staging servers, which issue false certificates and have much higher rate limits.

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.