Not able to create a certificate


#1

Not able to create a certificate using my own CSR. The error I get is: “Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree. If there is a rate limiting error at the end of this paragraph certificates per Domain is currently 5 per 7 days. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { “type”: “urn:ietf:params:acme:error:rateLimited”, “detail”: “Error finalizing order :: too many certificates already issued for exact set of domains: lowcountrydivorceandfamilylaw.com,www.lowcountrydivorceandfamilylaw.com: see https://letsencrypt.org/docs/rate-limits/”, “status”: 429 }”

I only have 2 domain certificates and that was established over 30 days ago. I am trying to add another today and receiving that error with every attempt. I have tried both DNS and FTP with no success. Below is my CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIIDVTCCAj0CAQAwgaYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Tb3V0aCBDYXJv
bGluYTEUMBIGA1UEBwwLU3VtbWVydmlsbGUxKDAmBgNVBAoMH0xvd2NvdW50cnkg
RGl2b3JjZSAmIEZhbWlseSBMYXcxDjAMBgNVBAsMBU93bmVyMS4wLAYDVQQDDCV3
d3cubG93Y291bnRyeWRpdm9yY2VhbmRmYW1pbHlsYXcuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JY6YyugnZhrxU2HdQ7kIxI/LHkdcGkybrTW
UsjopDoy4gJ2SMfSPNOFf3NzQCtcHvn1cJK9K0okkxACfUTE9hgS+4U3ew5yMSFR
LbocHpp5gGOhpwyrXWiOuVfbS8r+O8FuQAvmgRVSlJ2WaT404ZD2qMjqW5xNejue
DsBigYMaGpL1II9qPWzuAjAd2gyADl+bnAMjLhQm06d/poLuj2ibdlT/s9GypkV4
gcxnJEED+HJ/y3SR96KKAtnzVsvPW+cIeFaB9r/14PKF9MoTHpw4xPPQQT3yzxh2
uXPriV5R4eheGCgUDmwbU4Y7sMU0/H0ApN3slW9c+2Se5bhSpwIDAQABoGkwZwYJ
KoZIhvcNAQkOMVowWDBWBgNVHREBAf8ETDBKgiV3d3cubG93Y291bnRyeWRpdm9y
Y2VhbmRmYW1pbHlsYXcuY29tgiFsb3djb3VudHJ5ZGl2b3JjZWFuZGZhbWlseWxh
dy5jb20wDQYJKoZIhvcNAQELBQADggEBAMuubhxLA0eO/faYqSwZXKY8Kg+cVfKc
7DPecabZrV3GkWXQAw+BjxEiOghTQyIkk2GfD7AufLmZkOwc/K/RED9QGFum/77r
pHMrNyT/Iy/CMGlQ0i4PbOStuGeZFyhQGPK7A7b31TETLW8ViISTBZ2BBdbAVbQT
CyHKZVlMDrglw2M3vI5p6N5KATbhm3of6rtNspgCWZqSl2FIHhuP3VQvxR9WhEb6
zY0h8zwAdgT+BbyltOLC8AaJmmImGsZak5C5z6ZBKvc1E9vA6MjJCPBK9LbmM+Ra
D6RjRgwmO2zz+NddcJNyxmmC8aO1ZzgW1X7vsVrRZ/FDtCxLTQ6/fbo=
-----END CERTIFICATE REQUEST-----


#2

The initial error message is misleading and there is nothing wrong with the csr.
The problem is:

see: https://crt.sh/?q=lowcountrydivorceandfamilylaw.com


#3

These are all my attempts today. The 1st one failed the same. How do I get around this? I also tried 2 other domains with same exact results.


#4

All those are issued certs.
The only “way around” is to wait until 7 days have passed since the first was issued to get another.

In the interim, you could try your process against the staging (test) server.


#5

Even for other domains?


#6

Nope, not for other domains, unless you’ve already issued 5 certificates for them.


#7

I have had this same scenario all day, even for 2 other domains I have tried. Same error from the 1st attempt.


#8

What are the other domains?


#9

www.help4dad.com, www.szafirm.com


#10

There are no certs found for those two names.
What is their exact error?


#11

-----BEGIN CERTIFICATE REQUEST-----
MIIDFDCCAfwCAQAwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
MRAwDgYDVQQHDAdBbmFoZWltMSkwJwYDVQQKDCBMYXcgT2ZmaWNlIG9mIERhdmlk
IEMuIFN0b25lIEFQQzETMBEGA1UECwwKZmFtaWx5IGxhdzEZMBcGA1UEAwwQd3d3
LmhlbHA0ZGFkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAk
XBwQX480PjaQhy3qi5UxyykD0lcD6fKl7UuD8LLaLT6LL6Ud2g7fsAakARsWBzn+
Q8mD9id7lSnw5YVUhroMOuFUobY3Nt4Ajv6Rk+A1s4ZayQTNNqRAU/Vh6aSULXp1
B4A/NhU8dpy8E/bg7GSwpZisz2VsUea2yX8gO0rpZpQDgVbUXn7DPTS0DPXqEePD
YMe8sUCOKEvPbQKa/4K/vjEPF6CRwfATrnxuTPMr6wRPP+Q7tWvgMNEYVxyNvIk1
Fbn3lzA8D8rZTUJMfAgFirDuXAdteSHbvSeUP+G3ksYMpwwAeZ8m0QcRiR/BAMpY
4gM6Bv6Pm1wcgnOSbW8CAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RAQH/
BCIwIIIQd3d3LmhlbHA0ZGFkLmNvbYIMaGVscDRkYWQuY29tMA0GCSqGSIb3DQEB
CwUAA4IBAQATeiISQLzEaxSp8P5EzoVX2/Q9kfF31V75+//0DXOzezH0+csaaHng
xC3x3YxfmdA3Uu651GxQnt+eSSf54TeniPRkewvHhNUjlYFetriDXrvokFgvlntG
Dr6B0IyMS+bNjjhP7YY4Rgn8B8q31qax+A1FtAtu20lelUjEMZT+ChBOFyntIzQx
Os+8jyY2Kfxp7dNjHqBJp4ji2XgjyHOqoRUBFYdRbF8G1nfvgDgO756WRwmn4p71
Jy15JGo6233nSU2gArpJBkx0XU402h04vQqZu7YZWch/GJFJdrJR0Um5WN2FpPFW
V6ff+sla0rI3ZMqPCle3tLht6q1SDrpA
-----END CERTIFICATE REQUEST-----


#12

There is nothing wrong with that CSR.
What is the error you get?


#13

Just tried again to get error and see why it wasn’t showing up and on this one I am getting the error configuring SSL on my web host that says: “The Certificate is not in the list of valid providers, please try another.”


#14

I think we got started the wrong way here because we started talking about the rate limit without getting the answers to questions about how you’re trying to obtain the certificate.

How are you trying to obtain your certificate? What error do you see when you do that, and from what kind of software?


#15

I am doing this through my web host LiquidWeb that supports Lets Encrypt. My other domains there worked perfectly the 1st time. 1st I am having LiquidWeb create the CSR, then I am entering the CSR with sslforfree.com using the manual FTP option. Files are verified there but get that error when I enter the Certificate back at LiquidWeb.


#16

Thanks! What did sslforfree.com say about these other domains?

The error message (if any) presumably started exactly the same way with “Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree.” and so on, but the technical details at the end in curly brackets {} are probably quite different, since in one case there were 5 certificates already issued and in the other cases none at all.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.