Rate Limit on Server with Less than 25 Domains

The server has less than 25 domains on it, yet I am hitting the rate limit of 300 active requests.

So, where are the other 275 requests coming from? Or are servers limited to three domains or something like that?

My domain is:
wistex.studio (and others, but this is a recent one I am trying to get an SSL cert for.)

I ran this command:
cPanel's Auto SSL ran itself. I did not do anything other than add the domain to WHM.

It produced this output:
WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/1286549616) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many currently pending authorizations: 301: see Rate Limits - Let's Encrypt)) You may contact Let’s Encrypt to request a change to this rate limit.

My web server is (include version):
Apache/2.4.59 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4

The operating system my web server runs on is (include version):
AlmaLinux v8.9.0 STANDARD kvm

My hosting provider, if applicable, is:
LiquidWeb

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

Provide the name and version of the control panel:
cPanel Version 118.0.8

The version of my client is:
Whatever cPanel is using. It apparently has AutoSSL installed and wants us to use you as the SSL provider.

Welcome @WisTex

The limit on too many pending authorizations (link here) is usually caused by a faulty ACME client.

Were there any other setup changes to AutoSSL recently? Because it reminds me of someone using AutoSSL hitting this same limit recently.

See the below thread for that situation. Try resetting the account unless your account has been used to get a rate limit exemption or is on the allow-list for ECDSA certs. You would know if yours had these.

I've linked to the bottom post, which gets to the remedy, but perhaps earlier posts in that thread would be helpful too. It's possible something else has gone wrong with AutoSSL, but this seems a good place to start.

4 Likes

The only switch is from Sectigo to Let's Encrypt. cPanel says it is discontinuing Sectigo and tells us to switch to Let's Encrypt. So we went into the "Manage Auto SSL" in WHM and switched providers to Let's Encrypt. Then at some point, Auto SSL ran, and gave that error on the very first run.

This is the second time we have tried to switch to Let's Encrypt, with the same result. First try was a couple months ago, and second try was today.

If we switch it back to Sectigo, we get certs. But Let's Encrypt will fail on its very first attempt. It seems odd that we would hit the rate limit on the very first query for less than 25 domains.

You definitely should try recreating the registration account as described in that post I linked (it's option #3).

After I posted I looked back and there were 3 or 4 similar threads not just the one I linked. One was exactly the same as you describe as a switch in Certificate Authorities.

It likely is that the registration connected to Sectigo doesn't get fully cleared out when switching CAs.

The rate limit is not related to the number of names. It means the ACME Client (AutoSSL) has issued 301 authorization requests and has not even tried to fulfill them. It's just a wrong API traffic flow and is why there is a limit to protect LE from misbehaved clients.

6 Likes
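
An added example, not part of the original thread and not cPanel or Let's Encrypt code: a small parser that pulls the account URL, HTTP status, ACME error type and pending-authorization count out of an AutoSSL log line like the one quoted in the first post, so this limit can be told apart from other rate limits. The first sample line is taken from that output (trimmed), the second is constructed, and the function names are hypothetical.

```python
import re
from typing import Optional

# First line: from the first post's output (trimmed). Second line: constructed.
SAMPLE_LOG = [
    "WARN AutoSSL failed to create a new certificate order because the server’s "
    "Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/1286549616) "
    "has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited "
    "(The request exceeds a rate limit) (Error creating new order :: too many "
    "currently pending authorizations: 301: see Rate Limits - Let's Encrypt))",
    "INFO AutoSSL check completed for user example (constructed line)",
]

ACCOUNT_RE = re.compile(r"\((https://\S+?/acme/acct/\d+)\)")
ERROR_RE = re.compile(r"\((\d{3}) (urn:ietf:params:acme:error:\w+)")
PENDING_RE = re.compile(r"too many currently pending authorizations: (\d+)")

def parse_acme_failure(line: str) -> Optional[dict]:
    """Return the ACME error details found in one log line, or None."""
    err = ERROR_RE.search(line)
    if not err:
        return None
    acct = ACCOUNT_RE.search(line)
    pending = PENDING_RE.search(line)
    return {
        "account": acct.group(1) if acct else None,
        "http_status": int(err.group(1)),
        "acme_error": err.group(2).rsplit(":", 1)[1],
        "pending_authorizations": int(pending.group(1)) if pending else None,
    }

def diagnose(info: dict) -> str:
    """Map parsed details to the cause discussed in this thread."""
    if info["acme_error"] != "rateLimited":
        return "not a rate-limit error"
    if info["pending_authorizations"] is not None:
        # Counted against the ACME account, not the number of domains:
        # authorizations were created but never completed.
        return "pending-authorizations limit: authorizations opened but not completed"
    return "other rate limit: read the detail text"

def scan(lines):
    """Return (details, verdict) for every line that carries an ACME error."""
    return [(i, diagnose(i)) for i in map(parse_acme_failure, lines) if i]

if __name__ == "__main__":
    for info, verdict in scan(SAMPLE_LOG):
        print(info["account"], info["pending_authorizations"], "->", verdict)
```
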

Thanks for the prompt help.

The link you provided was helpful. That did resolve the issue.

For future reference, the following steps were taken:

  1. Log into WHM.
  2. Search for SSL.
  3. Click on "Manage Auto SSL."
  4. If not already selected, select "Let's Encrypt" as the SSL provider.
  5. Check to agree to the terms.
  6. Check: Recreate my current registration with “Let’s Encrypt™”.
  7. Go to the "Manage Users" tab.
  8. Search for the username you need an SSL for.
  9. Click the button: Check "username"
  10. Optional: Go to the "Logs" tab to verify that it ran correctly.

3 Likes

It must be something like that, because it fails on the very first run, so there should be zero (0) previous requests.

1 Like

Given that, it feels like AutoSSL goes into a loop, maybe as a result of getting an error code it didn't expect when it sent an incorrect registration to Let's Encrypt.

5 Likes
