MASTER DCV: A rate limit prevents DCV on all domains

Running into the following error on many domains MASTER DCV: A rate limit prevents DCV and cant find a way to resolve it. I can see issue attempts here but dont know what it means. Seems to be well below the limits i read about: https://crt.sh/?q=sveffoundation.org

Full log result at end of this post.

My domain is: sveffoundation.org

The operating system my web server runs on is (include version): cloudlinux 7

My hosting provider, if applicable, is: overhaulics

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

LOG:

Log for the AutoSSL run for “sveffoun”: Thursday, January 7, 2021 1:51:13 AM GMT-0700 (Let’s Encrypt™)

1:51:13 AM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “sveffoun”’s domains …

1:51:13 AM Analyzing “sveffoundation.org” (website) …

1:51:13 AM User-excluded domains: 8 (mail.sveffoundation.org, mail.sveffoundation.com, mail.sveffoundation.net, webmail.sveffoundation.org, cpanel.sveffoundation.org, webdisk.sveffoundation.org, cpcontacts.sveffoundation.org, cpcalendars.sveffoundation.org)

TLS Status: Ready for Renewal

WARN Certificate expiry: 1/19/21, 4:16 PM UTC (12.31 days from now)

1:51:13 AM Attempting to ensure the existence of necessary CAA records …

1:51:13 AM No CAA records were created.

1:51:13 AM Verifying 6 domains’ management status …

Verifying “Let’s Encrypt™”’s authorization on 6 domains via DNS CAA records …

1:51:13 AM “sveffoundation.org” is managed.

www.sveffoundation.org” is managed.

www.sveffoundation.com” is managed.

www.sveffoundation.net” is managed.

CA authorized: “sveffoundation.net

CA authorized: “www.sveffoundation.net

CA authorized: “sveffoundation.org

CA authorized: “www.sveffoundation.org

sveffoundation.net” is managed.

CA authorized: “sveffoundation.com

CA authorized: “www.sveffoundation.com

“Let’s Encrypt™” is authorized to issue certificates for 6 of this user’s 6 domains.

sveffoundation.com” is managed.

All of this user’s 6 domains are managed.

1:51:13 AM Performing HTTP DCV (Domain Control Validation) on 6 domains …

1:51:13 AM Local HTTP DCV OK: sveffoundation.com

Local HTTP DCV OK: sveffoundation.net

Local HTTP DCV OK: sveffoundation.org

Local HTTP DCV OK: www.sveffoundation.com

Local HTTP DCV OK: www.sveffoundation.net

Local HTTP DCV OK: www.sveffoundation.org

1:51:13 AM No local DNS DCV is necessary.

1:51:13 AM Processing “sveffoun”’s local DCV results …

1:51:13 AM Analyzing “sveffoundation.org”’s DCV results …

1:51:14 AM WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/108086802) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for exact set of domains: sveffoundation.com,sveffoundation.net,sveffoundation.org,www.sveffoundation.com,www.sveffoundation.net,www.sveffoundation.org: see https://letsencrypt.org/docs/rate-limits/)) You may contact Let’s Encrypt to request a change to this rate limit.

ERROR “Let’s Encrypt™” general error (sveffoundation.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (sveffoundation.com): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (sveffoundation.net): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.com): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.net): A rate limit prevents DCV.

ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

1:51:14 AM The system has completed “sveffoun”’s AutoSSL check.

2 Likes

You already have issued 5 identical certificates. Use one of those. See the rate limit documentation mentioned in the error message.

4 Likes

As far as I can tell I see no new certs on my server. It only shows the old expiring one. How would I use something it doesn't show? This may be the reason it keeps getting requested and not automatically applied. Maybe a cPanel issue?

2 Likes

Could very well be, but I don't know anything about cPanel as I don't have any experience with it. Maybe someone else does. It might even be the cPanel forum is a better place to debug this, as (as far as I know) there isn't much experience with cPanel on this Community in general.

2 Likes

Welcome to the Let's Encrypt Community, Kyle :slightly_smiling_face:

I use cPanel for most of my websites. Did you go to the Security section in cPanel, click to manage your certificates, then click install for one of your recent certificates?

1 Like

I have always used Lets Encrypt as my Auto SSL in WHM and have never had to touch a thing inside cPanel itself when installing. If a domain is live it just adds an SSL automatically.

This is what I see in cpanel: https://www.loom.com/share/9754debd28a14a7ba2423c459de9fc3d

Just the self signed and expiring cert. None of the supposed 5 new ones are available. If I click update it just populates with the current cert with a warning that its expiring soon.

2 Likes

When you clicked Browse Certificates, did you see the link to the "Certificates" page?

1 Like

Yes, it shows the same ones as before. A - Self Signed - Expiring 10/20/21 and one Let's Encrypt - Expiring 1/19/21. Nothing else.

2 Likes

Odd. Your certificate history certainly indicates that you have acquired more than a few certificates. Where did they go?


Oh! :astonished: You're using Cloudflare. That's a different animal entirely. You would be much better off using Cloudflare Origin CA certificates rather than Let's Encrypt certificates because they last much longer and are easier to manage.

1 Like