Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/1763964407) has reached a rate limit

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
Problem w/certificate - alsrlcenter.org
Server: webbering.net (note: as I am upgrading servers, I have to keep my previous server online until all websites have propagated and are loading from the new server)

I ran this command:
I was having difficulty with getting a certificate installed on the problem website as I couldn't get into the WP admin page. After a couple of attempts running AutoSSL on the website, I deleted the SSL records and ran AutoSSL again on the one domain. That didn't work so I ran AutoSSL for all domains. Not sure that was a smart decision.

It produced this output:

Log for the AutoSSL run for “alsrlorg”: Friday, July 19, 2024 11:21:30 PM GMT-0400 (Let’s Encrypt™)

11:21:31 PM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “alsrlorg”’s domains …

11:21:31 PM Analyzing “alsrlcenter.org” (website) …

11:21:31 PM ERROR TLS Status: Defective

ERROR Defect: NO_SSL: No SSL certificate is installed.

11:21:31 PM Attempting to ensure the existence of necessary CAA records …

11:21:31 PM No CAA records were created.

11:21:31 PM Verifying 4 domains’ management status …

Verifying “Let’s Encrypt™”’s authorization on 4 domains via DNS CAA records …

11:21:31 PM “mail.alsrlcenter.org” is managed.

CA authorized: “alsrlcenter.org

CA authorized: “*.alsrlcenter.org”

CA authorized: “mail.alsrlcenter.org

“*.alsrlcenter.org” is managed.

www.alsrlcenter.org” is managed.

alsrlcenter.org” is managed.

All of this user’s 4 domains are managed.

CA authorized: “www.alsrlcenter.org

“Let’s Encrypt™” is authorized to issue certificates for 4 of this user’s 4 domains.

11:21:31 PM Performing HTTP DCV (Domain Control Validation) on 3 domains …

11:21:31 PM Local HTTP DCV OK: alsrlcenter.org

Local HTTP DCV OK: www.alsrlcenter.org

Local HTTP DCV OK: mail.alsrlcenter.org

11:21:31 PM Verifying local authority for 1 domain …

11:21:32 PM No local authority: “*.alsrlcenter.org”

11:21:32 PM No local DNS DCV is necessary.

11:21:32 PM Processing “alsrlorg”’s local DCV results …

11:21:32 PM Analyzing “alsrlcenter.org”’s DCV results …

11:21:32 PM WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/1763964407) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many currently pending authorizations: 308: see https://letsencrypt.org/docs/rate-limits/)) You may contact Let’s Encrypt to request a change to this rate limit.

ERROR “Let’s Encrypt™” general error (alsrlcenter.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.alsrlcenter.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (mail.alsrlcenter.org): A rate limit prevents DCV.

ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

11:21:32 PM The system has completed “alsrlorg”’s AutoSSL check.

My web server is (include version):
AlmaLinux v9.4.0 STANDARD kvm

(https://162.214.152.146:2087/cpsess1450663027/scripts2/upcpform)

The operating system my web server runs on is (include version):
cPanel Version [120.0.11]

My hosting provider, if applicable, is:
HostGator

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Weird. The cPanel will not load. https://alsrlcenter.org:2082/
But the home page and WordPress admin pages load fine. I check the MX and it is pointing to the new server IP.

Yet there is NO SSL certificate for the domain on the new server.

How can that be?

Hello :slightly_smiling_face:

So it looks like you have certificates issued by Google Trust Services, not Let's Encrypt. It also appears that you have Cloudflare proxying in front of your cPanel instance.

5 Likes

This is your secure (HTTPS) cPanel admin login:

https://alsrlcenter.org:2083/

This is your secure (HTTPS) cPanel webmail login:

https://alsrlcenter.org:2096/

Ports 2082 and 2095 are insecure (HTTP) and thus should not be used.

5 Likes

Weird. https://alsrlcenter.org/cpanel redirects to https://alsrlcenter.org:2082 for me. I do see that on the it is the Google Trust.

But there is now an AutoSSL certificate on the new server for alsrcenter.org.

Validity
Not Before: Mar 13 00:00:00 2024 GMT
Not After : Mar 12 23:59:59 2027 GMT
Subject: C = US, O = Let's Encrypt, CN = R10

I've come to the conclusion that the issue is with the 'proxy' on Cloudflare not fully propagating immediately. I'll wait and check tomorrow on this one website.

Not for me. Something (Cloudflare edge?) is redirecting from HTTPS to HTTP (not HTTPS)

curl -i https://alsrlcenter.org/cpanel
HTTP/2 301
location: http://alsrlcenter.org:2082
server: cloudflare

The cert for alsrlcenter.org was issued by Google Trust and was acquired by Cloudflare on your behalf for use in its CDN edge.

What URL do you use to see that? Is there a particular port used when you see that?

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.