Please Help! Limit renew out and now my cert is expired

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:

It produced this output:

My web server is (include version):
Debian 11.8 - Apache2 ip

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

What does that mean?

Currently there's not much information to work with. Can you please elaborate more about your setup, situation, errors, et cetera et cetera?

You say you're working with Certbot, so I'm sure you can fill out the command & output questions, right?

1 Like

Thank you for your help Osiris!!!
Unfortunately my web server is closed on http and https to certain public ips.
This caused certbot's auto-check to exceed the renewal limit for
I deleted the certificate and tried to recreate it again but I receive the following message:

An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

1 Like

Yes, I can use certbot command

I tried now, opening all restrictions and it's work!
So, one question, I need to insert in my firewall restriction Let'S Encrypt ip for the next renew.
Have you this ip?

No, the IP addresses from where LE validates are not listed somewhere. There are multiple validation servers used around the world and the addresses can change at any time.


Ok, for the future I'll opned the restrictions and then I'l renew the certificate!
Thank you very much for your help!


can I to modify /usr/lib/systemd/system/certbot.timer?
Have you any suggestion?
I would like to disable and use when it is necessary.

I have no experience with systemd (OpenRC here), so no clue how to disable a systemd timer. I would also recommend against it.


Why would you do this?

If it is to open / close a firewall you should instead try to use --pre-hook and --post-hook

Or, configure your firewall to allow any IP if the request contains /.well-known/acme-challenge

Let's Encrypt certs should be renewed every 60 days (as currently recommended). Automating this is a key to success.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.