My domain got blocked for issuing many certificates

My domain is: geexar.d-123.com

I'm using a control panel which had a problem after a version upgrade: it was issuing self-signed certificates, so I tried more than once to issue the certificate and ended up getting my domain blocked. Now I cannot issue a certificate anymore, and this is my main hostname; it is affecting the mail server as well.

Thanks,

1 Like

Looking at your certificate history, you indeed issued a bunch of certificates on 2021-04-17. In this case, you need to find the certificate from the software you used, then install it manually.

For your mail server, I don't think it's currently blocked right now (I see 2 certs for that)

Since you didn't provide ANY information besides your domain name, it might be better to head to the control panel software support forum and ask them to help.
If you want people on this forum to help you, please fill out the form below.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

Thanks a lot for your reply. I was trying to generate both the hostname certificate, to be able to access domain:8090 with SSL, and the mail SSL.
This problem happened after I ran an upgrade of CyberPanel, and many people got the same problem, so I installed a fresh version after being blocked by Let's Encrypt. So I think I lost my pre-generated key; also, I don't know how CyberPanel typically stores them. But I think the problem will be fixed by getting my domain off the block list, as mentioned here in the logs:
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates already issued for exact set of domains: geexar.d-123.com

Thanks a lot for helping. Here is the form:

My domain is: geexar.d-123.com

I ran this command: CyberPanel auto-generates from the control panel, but I checked the logs and re-ran the command they use with --debug, so the command is like this:

/root/.acme.sh/acme.sh --issue -d geexar.d-123.com -d www.geexar.d-123.com --cert-file /etc/letsencrypt/live/geexar.d-123.com/cert.pem --key-file /etc/letsencrypt/live/geexar.d-123.com/privkey.pem --fullchain-file /etc/letsencrypt/live/geexar.d-123.com/fullchain.pem -w /home/d-123.com/home/d-123.com/geexar.d-123.com --force --debug

It produced this output:
[root@geexar ~]# /root/.acme.sh/acme.sh --issue -d geexar.d-123.com -d www.geexar.d-123.com --cert-file /etc/letsencrypt/live/geexar.d-123.com/cert.pem --key-file /etc/letsencrypt/live/geexar.d-123.com/privkey.pem --fullchain-file /etc/letsencrypt/live/geexar.d-123.com/fullchain.pem -w /home/d-123.com/home/d-123.com/geexar.d-123.com --force --debug

[Thu Apr 22 14:50:34 UTC 2021] Lets find script dir.
[Thu Apr 22 14:50:34 UTC 2021] SCRIPT='/root/.acme.sh/acme.sh'
[Thu Apr 22 14:50:34 UTC 2021] _script='/root/.acme.sh/acme.sh'
[Thu Apr 22 14:50:34 UTC 2021] _script_home='/root/.acme.sh'
[Thu Apr 22 14:50:34 UTC 2021] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v2.8.9
[Thu Apr 22 14:50:34 UTC 2021] Running cmd: issue
[Thu Apr 22 14:50:34 UTC 2021] _main_domain='geexar.d-123.com'
[Thu Apr 22 14:50:34 UTC 2021] _alt_domains='www.geexar.d-123.com'
[Thu Apr 22 14:50:34 UTC 2021] Using config home:/root/.acme.sh
[Thu Apr 22 14:50:34 UTC 2021] default_acme_server
[Thu Apr 22 14:50:34 UTC 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 22 14:50:34 UTC 2021] DOMAIN_PATH='/root/.acme.sh/geexar.d-123.com'
[Thu Apr 22 14:50:34 UTC 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 22 14:50:34 UTC 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 22 14:50:34 UTC 2021] GET
[Thu Apr 22 14:50:34 UTC 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 22 14:50:34 UTC 2021] timeout=
[Thu Apr 22 14:50:34 UTC 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Apr 22 14:50:34 UTC 2021] ret='0'
[Thu Apr 22 14:50:35 UTC 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Apr 22 14:50:35 UTC 2021] ACME_NEW_AUTHZ
[Thu Apr 22 14:50:35 UTC 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Apr 22 14:50:35 UTC 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 22 14:50:35 UTC 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Apr 22 14:50:35 UTC 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Apr 22 14:50:35 UTC 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 22 14:50:35 UTC 2021] ACME_VERSION='2'
[Thu Apr 22 14:50:35 UTC 2021] Le_NextRenewTime
[Thu Apr 22 14:50:35 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 22 14:50:35 UTC 2021] _on_before_issue
[Thu Apr 22 14:50:35 UTC 2021] _chk_main_domain='geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] _chk_alt_domains='www.geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] Le_LocalAddress
[Thu Apr 22 14:50:35 UTC 2021] d='geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] Check for domain='geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] _currentRoot='/home/d-123.com/home/d-123.com/geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] d='www.geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] Check for domain='www.geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] _currentRoot='/home/d-123.com/home/d-123.com/geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] d
[Thu Apr 22 14:50:35 UTC 2021] _saved_account_key_hash is not changed, skip register account.
[Thu Apr 22 14:50:35 UTC 2021] Read key length:
[Thu Apr 22 14:50:35 UTC 2021] _createcsr
[Thu Apr 22 14:50:35 UTC 2021] Multi domain='DNS:geexar.d-123.com,DNS:www.geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] Getting domain auth token for each domain
[Thu Apr 22 14:50:35 UTC 2021] d='www.geexar.d-123.com'
[Thu Apr 22 14:50:35 UTC 2021] d
[Thu Apr 22 14:50:35 UTC 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Apr 22 14:50:35 UTC 2021] payload='{"identifiers": [{"type":"dns","value":"geexar.d-123.com"},{"type":"dns","value":"www.geexar.d-123.com"}]}'
[Thu Apr 22 14:50:35 UTC 2021] RSA key
[Thu Apr 22 14:50:35 UTC 2021] HEAD
[Thu Apr 22 14:50:35 UTC 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 22 14:50:35 UTC 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I '
[Thu Apr 22 14:50:35 UTC 2021] _ret='0'
[Thu Apr 22 14:50:35 UTC 2021] POST
[Thu Apr 22 14:50:35 UTC 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Apr 22 14:50:35 UTC 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Apr 22 14:50:36 UTC 2021] _ret='0'
[Thu Apr 22 14:50:36 UTC 2021] code='429'
[Thu Apr 22 14:50:36 UTC 2021] Le_LinkOrder
[Thu Apr 22 14:50:36 UTC 2021] Le_OrderFinalize
[Thu Apr 22 14:50:36 UTC 2021] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates already issued for exact set of domains: geexar.d-123.com,www.geexar.d-123.com: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
[Thu Apr 22 14:50:36 UTC 2021] pid
[Thu Apr 22 14:50:36 UTC 2021] No need to restore nginx, skip.
[Thu Apr 22 14:50:36 UTC 2021] _clearupdns
[Thu Apr 22 14:50:36 UTC 2021] dns_entries
[Thu Apr 22 14:50:36 UTC 2021] skip dns.
[Thu Apr 22 14:50:36 UTC 2021] _on_issue_err
[Thu Apr 22 14:50:36 UTC 2021] Please add '--debug' or '--log' to check more details.
[Thu Apr 22 14:50:36 UTC 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu Apr 22 14:50:36 UTC 2021] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips 26 Jan 2017
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Jun 23 2017 10:19:11
running on Linux version #1 SMP Thu Apr 8 19:51:47 UTC 2021, release 3.10.0-1160.24.1.el7.x86_64, machine x86_64
features:

My web server is (include version): OpenLiteSpeed

The operating system my web server runs on is (include version): CENTOS 7 x64

My hosting provider, if applicable, is: VPS From Vultr

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Cyberpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot)

1 Like

Hi,

Thank you for all the information provided!
From your description, you probably lost the certificate file... Have you tried to check under /etc/letsencrypt/live/geexar.d-123.com and /root/.acme.sh/ directories?
If not, the good news is, you will be able to generate a certificate after 23 Apr 2021 19:22:00 UTC according to letsdebug-toolkit.

Actually, before you attempt to issue a new certificate, could you please run the commands below and see what you have?
/root/.acme.sh/acme.sh --list (This command should help you understand what certificates are currently present on your system)

If there are some existing certificates already matching the exact set of certificates, you might be able to use one (install it) with:
/root/.acme.sh/acme.sh --install-cert -d geexar.d-123.com --cert-file /etc/letsencrypt/live/geexar.d-123.com/cert.pem --key-file /etc/letsencrypt/live/geexar.d-123.com/privkey.pem --fullchain-file /etc/letsencrypt/live/geexar.d-123.com/fullchain.pem -w /home/d-123.com/home/d-123.com/geexar.d-123.com

4 Likes
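The thread's failure mode, an automated client re-running a forced issue until the CA answers 429, can be stopped by classifying the ACME error and computing when the next order will fit. The sketch below is an added example, not code from the thread's participants, acme.sh or CyberPanel. The function names are hypothetical, and it assumes a limit of 5 certificates per exact name set in a rolling 7 days, with issuance times supplied as epoch seconds (for instance from Certificate Transparency logs).

```shell
#!/bin/sh
# Added example: not part of acme.sh or CyberPanel.
# Assumption: 5 certificates per exact name set per rolling 7 days.
LIMIT=5
WINDOW=$((7 * 24 * 3600))

# Reads acme.sh --debug output on stdin; prints the ACME error name
# (e.g. rateLimited) from the last problem document, or "none".
acme_error_type() {
    sed -n 's/.*"type": *"urn:ietf:params:acme:error:\([A-Za-z]*\)".*/\1/p' |
        tail -n 1 | grep . || echo none
}

# next_issue_epoch NOW: reads issuance times (epoch seconds, one per line)
# on stdin and prints the earliest epoch at which another order for the
# same name set fits under the limit (NOW itself if it already fits).
next_issue_epoch() {
    sort -n | awk -v now="$1" -v win="$WINDOW" -v lim="$LIMIT" '
        $1 > now - win && $1 <= now { t[n++] = $1 }
        END { if (n < lim) print now; else print t[n - lim] + win }'
}

# retry_plan NOW LOGFILE ISSUED_FILE: what an automation wrapper should do
# after a run, instead of looping on --force.
retry_plan() {
    case "$(acme_error_type < "$2")" in
        none)        echo "ok" ;;
        rateLimited) echo "wait-until $(next_issue_epoch "$1" < "$3")" ;;
        *)           echo "fix-and-retry" ;;
    esac
}
```

A wrapper that gets `wait-until` back should install the certificate it already holds rather than place another order before that time.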
