Maximal certificate requests reached for this domain name

Wytoo · February 20, 2020, 9:32am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: duckdns.org

I ran this command: tried to request a certificate for a subdomain for a duckdns.org subdomain

It produced this output:

My web server is (include version): nginx

The operating system my web server runs on is (include version): Synology 6.2.2-24922 Update 4

My hosting provider, if applicable, is: none, myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes Synology 6.2.2-24922 Update 4

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): docker container with letencrypt and duckcert from linuxserver.io

stevenzhu · February 20, 2020, 3:27pm

Hi,

Can you share us your subdomain on that specific domain?
I believe duckdns is a free DNS hosting provider (for subdomains)

Thank you

Wytoo · February 20, 2020, 3:31pm

Yes, it is. Funny thing is I have another two that are working.

So in total I used 2 so far for duckdns and am just trying to add another, is that the reason?

bitwarden.wdce.duckdns.org

stevenzhu · February 20, 2020, 5:29pm

Hi,

Does the interface give you more information about the error message? It looks like this message means you have too many failed attempts for the domain request. You’ll need to wait for one hour (from the error message) to try again.

P.S. You are trying to use DNS-01 validation, but your port 80 and 443 do not have active listening server, which might result in failure (for the certificate request). (I’m not sure if your requesting server will attempt to bind the ports when you request the certificate)

Also, you have certificates issued in the past 2 weeks for this domain.

Wytoo · February 25, 2020, 8:04am

No sadly it just gives me this message. Well I’ve waited for one week now.

The listeners should be working now. It says

after all ,or do I misinterpret anything here?

Wytoo · February 26, 2020, 2:49pm

How many certificates am I allowed to have?

I mean 3 shouldn’t be too much right?

mnordhoff · February 26, 2020, 2:59pm

Right.

Wytoo · February 26, 2020, 3:07pm

Then why does it say so? Does the connection while trying also count? Is it because Duckdns was used too often by other people?

mnordhoff · February 26, 2020, 3:21pm

I don’t know. I don’t know much about Synologies, unfortunately.

It looks like you issued several certificates two weeks ago, and none recently.

That’s not an error message returned by Let’s Encrypt. If there was some kind of error, your client is hiding what it was, and giving you that message instead. It might not be correct.

Are there logs available that show what’s happening in detail?

I’m not sure if there are many people on this forum with Synology expertise. You might be better off asking on a Synology forum.

Wytoo · February 27, 2020, 6:45am

Thanks Mnordhoff. You set me on the right path. It was a Synology Problem. I dunno why, but I’ve had to delete all the existing certificates and add a new one, with all the existing ones below as “Alternatives Names”

system · March 28, 2020, 6:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.