MASTER DCV: A rate limit prevents DCV

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): CentOS v7.9.2009

My hosting provider, if applicable, is: Liquidweb

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel 110.0.5

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

The Auto-SSL lets Encrypt is not working on the www. version of our clients domain. It is on the non www. Originally, it was giving an error message suggesting that there was a missing TXT file at the domains DNS, so that was checked/added and now we are getting the rate limit message. We are not sure what the issue is as we have never had it before and are looking for your input here. We have many accounts/websites on this server and this appears to be the only one having the issue.

Hello @g4design, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using Let's Debug yields these results

A fatal issue occurred during the DNS lookup process for
DNS response for had fatal DNSSEC issues: validation failure < CAA IN>: nodata proof failed from and 
A fatal issue occurred during the DNS lookup process for
DNS response for had fatal DNSSEC issues: validation failure < AAAA IN>: nodata proof failed from and 
1 Like

Yup, DNSSEC issues for the CAA record of the www subdomain. See also:



Does this mean they are pointing the www version to the wrong IP address? Those listed in the tool are not ours.

Also the certificate presently being served
SANs: Total number of SANs: 1

The SANs does NOT contain the www of

1 Like

would you suggest a delete an reinmall the auto-ssl or do you think its something they need to correct on the domain/DNS side? Sorry, this is all a bit above my head

I cannot recommend that at this point; however be for deleting anything always make a backup copy first.
(I do not know auto-ssl, sorry :frowning: )

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

1 Like



Really what i am trying to know is if this is something that is an issue on my server and i need to resolve it for my client, or its on the client end with their domain and its DNS management. I know they are doing some sort of DNS splitting on their with the domain so maybe that is the cause? I justt don't want to keep wasting my time if I cannot help.

No, it means the DNS servers for your domain are not working properly. Please take this issue up with the hoster of your DNS and ask them to fix the DNSSEC problem for the CAA resource record for You can also send them the links I've provided in my previous post and also the letsdebug link provided by Bruce earlier.


OK, thanks. I appreciate your assistance here.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.