The maximum number of certificate requests has been reached for this domain name

Please fill out the fields below so we can help you. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (for example, crt.sh | example.com). Therefore, withholding your domain name here does not help keep it secret, but makes it harder for us to help you.

I can read answers in English: YES

My domain name is: anguxbox.ovh

I ran this command: I go through the Synology DSM interface

It produced this output: Le nombre maximum de demandes de certificat est atteint pour ce nom de domaine

My web server is (include version): DSM 7

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: I host on a NAS

I can log in to a root shell on my machine (yes or no, or I don't know): NA

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): DSM 7

Thank you for your help.

Before getting this error I had a message saying that my port 80 was not open. Yet port 80 is indeed open. I created the domain and the certificate last December and renewed it in February without any problem. I don't understand why it doesn't work today, my certificate having expired on May 27.

Thank you for your help.

I do not see that a certificate with that domain has ever been issued.

There are Let's Encrypt Rate Limits that are similar to the message you show. But Synology also has a similar error of its own.

We cannot tell which it is without the actual domain name. My best guess is it is the Synology error and I know the Synology forum often helps people with that problem.

Once we know the actual name we can look to see which it is.

2 Likes

Sorry, misspelling on my side. The correct domain is angusbox.ovh

1 Like

It looks like your domain is accessible only from within France.

You may find this description helpful of how Let's Encrypt checks from multiple places around the world to confirm that you control the domain name:

Presumably that's the underlying problem, even if your client isn't relaying the actual issue to you.

4 Likes

Yes, that's true. My firewall only accepts connections from France. However, it's strange because I never had a problem six months ago when obtaining the previous certificate or renewing it in February.

I will disable the regional restriction of my firewall to renew the certificate.

Nevertheless, I should still have the problem of reaching the maximum number of requests.

Let me check, and I'll come back to tell you what is going on.

1 Like

I don't see any recent certificates with that domain name. I see about 10 from Dec with several different combinations of domain names. And, I see two in Feb but nothing recent.

Sometimes there is a delay but the system I used (Censys) is usually very quick to show them.

Another history tool we use, https://crt.sh, does not show any at all, so maybe it is having some kind of problem. That does not affect you.

After the firewall issue is resolved this looks more like the Synology "too many" problem and not a Let's Encrypt rate limit. Synology hides the actual message from LE which is not helpful. But, until I see actual new certs that is my best guess.

3 Likes

After updating my firewall to temporarily lift geographical restrictions, it worked. I was able to create a new certificate.

Thank you very much for your high-quality support and responsiveness.

2 Likes

I checked again and now see 5 certificates issued May 30 all issued within a few minutes 20:18 UTC

That is only about 10 minutes ago

You weren't affected by the Let's Encrypt rate limit before but you are now 🙂

This one: Rate Limits - Let's Encrypt

3 Likes

Oops. Sorry. After the firewall update I should refresh the application 2 times. It seems Synology doubles each request. On https://crt.sh we can see 4 certificates created at the same time each time. Strange behavior. Anyway, it is solved. Thank you again.

1 Like

Yes, there is a "precert" and the "leaf" certificate for each one. In advanced options you can choose to "deduplicate" to show only one of them.

And, yes, it is confusing 🙂

3 Likes

Just a note that crt.sh is now current and shows all 5 issued today (10 if you do not deduplicate).

If you only did two then you may want to ask on the Synology forum how this happens.

1 Like

Upon checking, I found it quite strange. Unfortunately, the Synology forum is not as responsive as this one. I will post a request there and try to get an answer.

It's possible that the NAS buffered the requests when the firewall was not correctly configured, and all the previous requests were sent once I updated the configuration. We can see that some requests are timed at 7 PM UTC, even though I was getting errors at that time due to port 80 not being open.

1 Like

That is another confusing item. The validity notBefore time is set back 1H by Let's Encrypt. That avoids certain clock problems for clients.

I often look at the Certificate Transparency timestamps to know the actual time

3 Likes
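Added example, not part of any post in this thread: a sketch of the bookkeeping discussed above, collapsing precertificate/leaf pairs from Certificate Transparency search results and counting issuances per exact name set. Assumptions: the rows use field names from crt.sh's JSON output (`serial_number`, `name_value`, `not_before`), the sample rows are constructed with `example.net` names, and the limit of 5 certificates per exact name set per 7 days is taken from Let's Encrypt's rate limit documentation rather than from this page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOT_BEFORE_BACKDATE = timedelta(hours=1)  # per the thread: notBefore is set back 1h
DUPLICATE_LIMIT = 5                       # assumption: per exact name set
WINDOW = timedelta(days=7)                # assumption: rolling 7-day window

def make_row(serial, names, not_before):
    return {"serial_number": serial, "name_value": names, "not_before": not_before}

# Constructed sample (not real CT data): five issuances for one name, each
# logged twice (precertificate + leaf), one other name set, one old renewal.
SAMPLE = []
for i in range(5):
    r = make_row(f"03aa0{i}", "nas.example.net", f"2023-05-30T19:1{i}:00")
    SAMPLE += [r, dict(r)]
SAMPLE.append(make_row("03bb00", "nas.example.net\nwww.nas.example.net",
                       "2023-05-30T19:20:00"))
SAMPLE.append(make_row("03cc00", "nas.example.net", "2023-02-20T10:00:00"))

def issuances(rows):
    """One (name set, estimated issue time) per serial number.

    A precertificate and its leaf share a serial, so keying on the serial
    removes the doubling seen in an undeduplicated search.
    """
    by_serial = {}
    for row in rows:
        names = frozenset(n.strip().lower()
                          for n in row["name_value"].split("\n") if n.strip())
        # Estimate only: undo the 1h backdating. CT timestamps are more exact.
        issued = datetime.fromisoformat(row["not_before"]) + NOT_BEFORE_BACKDATE
        by_serial[row["serial_number"]] = (names, issued)
    return list(by_serial.values())

def duplicate_limit_status(rows, now):
    """Count issuances per exact name set inside the window ending at `now`."""
    counts = defaultdict(int)
    for names, issued in issuances(rows):
        if now - WINDOW < issued <= now:
            counts[names] += 1
    return {names: {"count": c, "limited": c >= DUPLICATE_LIMIT}
            for names, c in counts.items()}

if __name__ == "__main__":
    now = datetime(2023, 5, 30, 21, 0)
    for names, status in duplicate_limit_status(SAMPLE, now).items():
        print(sorted(names), status)
```
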