Issue with Expired Certificate & Rate Limit in a peculiar way beyond my humble understanding

Hello there!

First, thanks for this great initiative and project! Been using it for a little bit and love it.

Today I’ve came to an issue with a Expired Certificate (details below) and I could not manually renew it as I got a message of reaching the limit. Oddly enough this is just a simple domain, with not even subdomain and just one certificate. So I follow your documentation and checked the logs at ctr and google transparency:

https://crt.sh/?q=gabrielfariasiribarren.com
https://transparencyreport.google.com/https/certificates

I’ve realize that there are several certificates, with expiry date December 2017?
Checking the server, I’ve realize that the cron job was run daily in the last few days, I this might have be the cause of the issue. I’ve now moved this back to monthly.

However the question is still the same:

Why is it showing a expired certificate even if they appear to be valid?

Is there any way to solve this issue?

Is it there anything I can do rather than just wait for 7 days?

I just want to be sure to find the root cause of the issue to understand it, find a permanent solution and avoid bothering you guys again.

Thanks for your patience and help.

Truly appreciated.

Love.

My domain is:
https://gabrielfariasiribarren.com/

I ran this command:
Basically it was a cron job from plesk that runs:
/usr/local/psa/admin/bin/php -dauto_prepend_file=sdk.php ‘/usr/local/psa/admin/plib/modules/letsencrypt/scripts/renew.php’

It produced this output:
[2017-09-28 11:23:58] ERR [extension/letsencrypt] Failed to renew certificate of domain ‘gabrielfariasiribarren.com’: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new cert :: too many certificates already issued for exact set of domains: gabrielfariasiribarren.com,www.gabrielfariasiribarren.com

My web server is (include version):
Plesk Onyx v17.5.3_build1705170317.16 os_CentOS 7

The operating system my web server runs on is (include version):
CentOS Linux 7.4.1708 (Core)

My hosting provider, if applicable, is:
1and1 VPS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk / Let’s Encript Plugin

It is likely that your ACME client - which, as I understand it, would be a Plesk plugin - is running into some kind of error that’s preventing it from replacing the certificate on your server. Certificate Transparency shows that the certificates are successfully issued, but for some reason, they don’t end up being installed on your web server, and the web server continues to use an older, now expired certificate. A renewed certificate is effectively just a new certificate, so this not just a date that gets updated on a remote server, but rather an entirely new file that needs to be installed on your web server.

I don’t know much about Plesk, so I can’t say what the issue might be. If you have logs, try to check for errors that occurred before you started getting the rate-limiting error. for example from around the end of August. If you find the error and don’t know how to resolve it, it is likely that you’ll find more help on the Plesk Forum (since it’d probably be more of a Plesk problem than one specific to Let’s Encrypt), but you can of course try your luck here anyway.

As for your recovery options once you have figured out what the issue is, the specific rate limit you’re running into is one for identical certificates - ones that include the exact same set of domain names - so a way to get around it would be to add some other subdomain to your certificate request for now, i.e. ``www2.gabrielfariasiribarren.com`. You can remove that domain again with your next renewal if you want to. Unfortunately, I don’t know how to do this in Plesk.

Hello pfg! Thanks for your detailed response! Much appreciated… my deepest respect for your time and help!

Following your indications I was able to find the root cause of the issue! and it is solved now!
Indeed was the data on the plugin not been updated correctly. I’ve manually import the files to the extension and now it works well!

Thanks again!

Wish you all the best, now and ever…

Regards.

Sorry to tag onto this thread, but I have a similar issue and clueless on how to resolve it. We have expired certs and our Cpanel indicates to request new certs from LE. How do I go about doing that? Our domain is hollismaine.org. I was told these certs are automatically renewed, so perhaps I am jumping the gun since they just expired yesterday? Much thanks, B

go to the cpanel forums and ask them there

The challenge with 3rd Party Plugins from Plesk and CPanel is they are closed source and if there are changes they are not documented.

Andrei

@adminsecretary, you might also be able to get help with this from your hosting provider’s support because they may be the ones who set up cPanel for you. In that case, it’s possible that they made some kind of mistake in the way that they’ve set up cPanel.

Thank you! I think that is the case as well and they keep passing the buck.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.