Maximal Certificate Requests - Synology

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 21cellars.com

I ran this command: from Synology Diskstaton account

It produced this output: "Maximal certificate requests reached for this domain name"

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Hello @pcoates, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please see the Rate Limits and Failed Validation Limit - Let's Encrypt.

Also your Ports 80 and 443 are Closed, Port 80 needs to be Open and Accessible for the HTTP-01 challenge of the Challenge Types - Let's Encrypt.

Best Practice - Keep Port 80 Open

$ nmap -Pn -p80,443 21cellars.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-10 15:04 PDT
Nmap scan report for 21cellars.com (71.212.163.125)
Host is up (0.016s latency).
rDNS record for 71.212.163.125: 71-212-163-125.tukw.qwest.net

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
3 Likes
3

I have both ports open on my router. When I run nmap with my domain multiple times the status alternates between "closed" and "filtered" on both ports. Also, when I try to create the certificate from the Synology Diskstation page sometimes it says it cannot access because the port is closed and sometimes it gets through and says "Maximal certificate requests reached for this domain name." When the later occurs does that mean I am getting through to Let's Encrypt (through the appropriate ports) and just getting denied because I have made too many attempts? If so, when does it reset so I can try again?

4

You might have an active firewall that is blocking (filtering) requests. Check your router and other equipment settings.

This is a confusing message. Let's Encrypt does have limits but this is not the exact error message from Let's Encrypt when you reach LE limits. When I have seen this error in this forum it is usually something wrong with the Synology device. You could search this forum or try a Synology support forum. It's a good chance whatever is causing your "closed" and "filtering" is the root cause of this error.

Using the public logs (below), I don't see that you are affected by Let's Encrypt limits (link here). With your custom domain the most likely would be the limit on 5 certs per week with the identical set of domain names. In the current public log I don't see any certs issued in past week. Although the logs sometimes lag by as much as 24 hours.

image
image2301×558 146 KB

4 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.