MASTER DCV: A rate limit prevents DCV

My domain is: www.comps.me.uk

I ran this command: AutoSSL

It produced this output: MASTER DCV: A rate limit prevents DCV.

My web server is (include version): AlmaLinux 9.3.0 (cPanel)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: 123-reg

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes [118.0.4]

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Can you find some detailed log?

4 Likes

I've searched for error logs in cPanel and also looking through directories on the server. I can't find anything relating to SSL or AutoSSL. None of the logs I've found have recent or persistent entries.

Is there a place you can suggest to look?

I can't find anything wrong with your domain: LetsDebug says everything is fine and I cannot find any recently issued certs on multiple CT log search sites (although crt.sh seems to be backlogged quite a lot currently, probably due to an outage recently).

So without detailed logs there's not much we can do I'm thinking. Maybe you can ask a specific cPanel/AutoSSL forum/community/support channel for where to find that log?

3 Likes

I found this in WHM:-
9:24:03 AM Analyzing “compsme”’s domains …

9:24:03 AM Analyzing “comps.me.uk” (website) …

9:24:03 AM User-excluded domains: 7 (www.comps.me.uk, mail.comps.me.uk, webmail.comps.me.uk, cpanel.comps.me.uk, webdisk.comps.me.uk, cpcontacts.comps.me.uk, cpcalendars.comps.me.uk)

ERROR TLS Status: Defective

ERROR Certificate expiry: 3/23/24, 3:31 PM UTC (2.74 days ago)

ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).

9:24:03 AM Attempting to ensure the existence of necessary CAA records …

9:24:03 AM No CAA records were created.

9:24:03 AM Verifying 1 domain’s management status …

Verifying “Let’s Encrypt™”’s authorization on 1 domain via DNS CAA records …

9:24:03 AM “comps.me.uk” is managed.

All of this user’s 1 domain are managed.

CA authorized: “comps.me.uk

“Let’s Encrypt™” is authorized to issue certificates for 1 of this user’s 1 domain.

9:24:03 AM Performing HTTP DCV (Domain Control Validation) on 1 domain …

9:24:03 AM Local HTTP DCV OK: comps.me.uk

9:24:03 AM No local DNS DCV is necessary.

Is there more? Because the error shown is probably just the reason why WHM is trying to renew the certificate in the first place, but not the error why it isn't getting a renewed cert from LE.

3 Likes

That's the complete record, the next entry is similar but for another domain, that one is all green and no errors.

I'll keep looking. Thanks for the replies and help so far.

1 Like

"Follow these instructions to "Recreate your registration". This will give your new VPS a new ACME account that doesn't have those 308 old pending authorizations still hanging around."
This solution, taken from a post by aarongable (thank you) solved my problem.
The link goes to these instructions:-

Recreate your registration

To recreate your registration, perform the following steps:

  1. Navigate to WHM’s Manage AutoSSL (WHM » Home » SSL/TLS » Manage AutoSSL) interface.
  2. Select the Let’s Encrypt™ option for your AutoSSL provider.
  3. Check the Recreate my current registration with “Let’s Encrypt™”. box after you accept the terms of service to recreate your provider registration.

This replaces your current registration with a new one. This is optional and not required to use the Let’s Encrypt provider.

3 Likes