Rate Limit on domain

thenet12 · July 13, 2016, 5:17pm

hello there,
I’ve never attempt to generate SSL from letsencrypt before… Please help, I was using this tool “https://gethttpsforfree.com/” to attempt to generate SSL for “hieuken.com”, “www.hieuken.com” and got this error every time.
Error: Account registration failed. Please start back at Step 1. { “type”: “urn:acme:error:malformed”, “detail”: “JWS verification error”, “status”: 400 }

I then tried “www.sslforfree.com” and get this error. Is there a way you can reset the rate count or rate limit on this “hieuken.com”, “www.hieuken.com” domain?

Certificate signature failed. Certificates per Domain is currently 5 per 7 days. If there is a rate limiting error at the end of this paragraph. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { “type”: “urn:acme:error:malformed”, “detail”: “Error unmarshaling certificate request”, “status”: 400 }

Thank you.

pfg · July 13, 2016, 5:42pm

The actual error reported by Let’s Encrypt is this part: { "type": "urn:acme:error:malformed", "detail": "Error unmarshaling certificate request", "status": 400 }

The text prior to that is something www.sslforfree.com came up with, and mentions this only applies if there’s a rate-limit-related error message at the end, which is not the case here.

The error seems to indicate there’s a problem with your CSR - did you provide your own CSR, or did you use the one www.sslforfree.com generated for you? If it’s the former, there’s probably something in your CSR that Let’s Encrypt doesn’t like - you can share it if you’d like for us to take a look. If you used the CSR www.sslforfree.com generated for you, it might be a bug with the site.

thenet12 · July 13, 2016, 7:20pm

Thank you. I am not sure what was up with the CSR generated within my server. I tried the CSR from SSLForFree and it worked. It just required a few more tricks to merge the key & cert using OpenSSL.

schoen · July 13, 2016, 10:05pm

We’ve seen a problem recently that there are different versions of the CSR format and Let’s Encrypt does not support, I believe, older versions. I don’t know the details, but I’m sure somehow can supply them if this comes up again. But for reference, if you get a malformed CSR error and you’re sure that what you’re sending is really a CSR, you can try generating a fresh CSR with openssl.

Hopefully in the future Boulder will send a more detailed and meaningful error from the CA side.

system · August 12, 2016, 10:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.