Lets Encypt Cert Max Reached *Newbie* using Synology

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jamiehomes.synology.me

I ran this command: Ran inside Synology DSM

It produced this output: Maximum certificate request received for this domain

My web server is (include version): Synology DSM

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Synology

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Latest DSM version

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don’t know

I am a newbie to this and would just love to secure my site! Synology won't take any responsibility! I read the LE cert maxes out at 300, i defiantly didn't make 300 requests, I don't know how long I have to wait or if I can clear any pending requests?

Welcome to the Let's Encrypt Community, Jamie

You've probablydefinitely hit the duplicate certificate rate limit (see @rg305's post right below) :

Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week. Note: renewals used to count against your Certificate per Registered Domain limit until March 2019, but they don’t anymore. Exceeding the Duplicate Certificate limit is reported with the error message too many certificates already issued for exact set of domains.

This version will be slightly easier to read than the similar (yet more complete) link from @rg305 below because this version removes the precertificates from the list:
https://crt.sh/?Identity=jamiehomes.synology.me&deduplicate=Y

Something changed between Aug 15 and Oct 5

Hi, I have been trying for ages to get this done and repeatedly failed. Synology today made me reload my NAS networks setting, still couldn't get a cert. Then they made me reload the whole system, still couldn't! get a cert! However whatever was stopping it appears to have cleared, now just getting the Max limit reached. Was wondering how long I will have to wait or can any pending requests be cleared?

It will take 3 days for the duplicate certificate rate limit to lift. You should also be aware of this:

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com , the registered domain is example.com . In new.blog.example.co.uk , the registered domain is example.co.uk . We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued , possibly with additional details.`

You should probably consider registering your own domain name to use with your DSM. It will cost you very little to save you from a lot of headaches. The rate limits would then apply to your new domain name and get you moving forward immediately.

You may find these helpful:

https://falkus.co/2019/01/a-story-about-lets-encrypt-and-my-synology-nas/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.