Need help getting cert

I ran this command: certbot -d passbolt.dbahost.net --manual --preferred-challenges dns certonly
I ran the above command a few times and this is probably the source of my problem. Is it possible to unblock it, please?

It produced this output: Renewing an existing certificate for passbolt.dbahost.net
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

My web server is (include version): Apache 2 version 2.4.61

My hosting provider, if applicable, is: N/A

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
Server: passbolt.dbahost.net
I can log in to this machine as root
certbot 1.12.0
Operating system Debian Bullseye

Thank you in advance,
Alojzy Kluska

@akluska I moved your post to its own thread. We prefer each issue to have its own.

Had you posted in the Help topic to start you would have been shown the form below. Please answer as much as you can. I removed the questions you already answered.

===============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I ran this command:

It produced this output:

My web server is (include version):

My hosting provider, if applicable, is:

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

4 Likes

No, rate limits cannot be manually unblocked. You just have to wait.

Please do all your testing on the staging environment which has way less strict rate limits. When you figure out how to get a staging cert, you can switch to the production environment.

Also note that using the manual plugin is not recommended, as it cannot be easily automated and thus cannot be renewed automatically. It looks like you're running your own DNS servers. You can probably use the RFC 2136 DNS plugin to automate the dns-01 challenge.

Edit: fpdns identified your nameserver ns6 as BIND and your ns4 as NLnetLabs NSD. While BIND supports RFC 2136 just fine, it looks like NSD doesn't: nsd/doc/REQUIREMENTS at dea60558002475bc86a9f37f3c64c03a80697427 · NLnetLabs/nsd · GitHub. Which is sad.

Maybe you can use acme-dns if you have a spare host on a separate DNS lying around which is not already running a DNS server on port 53 :roll_eyes:

5 Likes
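The staging-first workflow with the RFC 2136 plugin suggested in the reply above, as an added example that is not part of the original thread. The server address `192.0.2.53`, the key name `certbot-key.` and the secret are placeholders, and it assumes the dynamic update is sent to the BIND server; the script only prints the certbot commands and does not run them.

```shell
#!/bin/sh
# Added example: prepare certbot's dns-rfc2136 credentials file and build the
# staging and production command lines. All values are placeholders.

# Write the TSIG credentials file readable by its owner only.
# Arguments: path, DNS server IP, TSIG key name, TSIG secret (base64).
write_rfc2136_ini() {
    (
        umask 077   # the file is created without group/other access
        cat > "$1" <<EOF
dns_rfc2136_server = $2
dns_rfc2136_port = 53
dns_rfc2136_name = $3
dns_rfc2136_secret = $4
dns_rfc2136_algorithm = HMAC-SHA512
EOF
    )
    chmod 600 "$1"  # also tighten a file that already existed
}

# Print the certbot command for a domain.
# Arguments: domain, credentials file, "staging" or "production".
# "staging" adds --test-cert, so failed validations count against the
# staging environment's limits instead of production's.
certbot_cmd() {
    flags="certonly --dns-rfc2136 --dns-rfc2136-credentials $2 -d $1"
    if [ "$3" = "staging" ]; then
        flags="$flags --test-cert"
    fi
    printf 'certbot %s\n' "$flags"
}

# Demonstration in a scratch directory (constructed values).
WORKDIR=$(mktemp -d)
INI="$WORKDIR/rfc2136.ini"
write_rfc2136_ini "$INI" 192.0.2.53 certbot-key. PLACEHOLDER_BASE64_SECRET

echo "1. Test against staging until issuance succeeds:"
certbot_cmd passbolt.dbahost.net "$INI" staging
echo "2. Then request the real certificate:"
certbot_cmd passbolt.dbahost.net "$INI" production
```

Unlike `--manual`, a certificate obtained this way can be renewed unattended, because certbot creates and removes the `_acme-challenge` TXT record itself.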
