Looking for method to remove pending authorizations v2

Hello,

We are using the Let’sEncrypt extension on Plesk Onyx. We recently moved a few hundred domains onto the server and made the mistake of attempting to automatically add the certs - but the DNS was not yet pointed. We began to receive the rate limiting error and waited 7 days, but are still getting the same error and unable to issue certs. I am looking for a way to see what limit we are hitting, assuming the pending authorization limit, and then also to clear these pending autos since it has been longer than 7 days and we are still seeing issues. Can anyone help point me in the right direction? I am seeing errors like…

Domain validation failed: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/XXXX
and
Detail: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

So I know I am using the v2 version.

Thanks in advance for your help.

That error message comes from this rate limit:

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems.

At least for that name, you have many invalid authorizations, but probably don’t have a pending one.

OK - so if I get rid of the failed validations we should be good to go?

There’s not really anything to get rid of. The rate limit will go away soon.

But why were there more than 5 attempts to validate the name in the last hour, and why did they fail?

I think what is happening is some domains were transferred, and then clients moved their sites to another service without letting us know - so the domain still seems live and when we tried to renew - the certs failing validation - because the domain is no longer on Plesk - though the Plesk extension is placing the .well-known folders/files - the real domain - no longer on our system - doesn’t have them.

I’m working on cleaning that up now.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.