Rate Limits hit because of TLS-SNI validation issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: redirect.bibushost.com

I ran this command: certbot renew

It produced this output: Error creating new authz :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): bibushost.com

The operating system my web server runs on is (include version): CentOS 7.4

My hosting provider, if applicable, is: Nimblu / ourselves

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ispconfig

My situation is that I used CentOS 7.4 with ispconfig 3.1.11 and certbot for certificate issues/renewals.
Now since the 20th of January I constantly get the rate limit message.
I did replace certbot with version 0.21 from github to ensure a current certbot.

I am affected not only with the webserver of bibushost.com, affected certificates: bibus.at, bibusmetals.hu, redirect.bibushost.com
Also I am affected on my host negotium.ch: pfaendler-uhren.ch, spielgruppe-kreuzlingen.ch, negotium.ch, etc.

I have no clue how I could reasonably clear the pending authorizations. I read https://letsencrypt.org/docs/rate-limits/ but I have not yet figured out how to do this and I suggest you find a better, aka. more intuitive method to do this.

Crashing on rate limits unexpectedly while using your client just because you changed some technical detail because of security issues is very troubling.

I would be very glad, if you could help me.

Best regards,

Patrick Daxboeck

Hi @dax,

A couple of people have written scripts to clear pending authorizations. Two examples are

I will inquire about adding this functionality to Certbot as well, but that wouldn’t happen in time to be useful to you.

Dear @schoen,

Thank you very much for your effort to provide me with some scripts.

The python script seems to be buggy as it complains about not being able to find the letsencrypt.211 logfile
The go script I was not able to compile.

So as I had it before, I have no solution to clear the pending authorizations.
And that could be a simple x86 linux(elf) binary which does the job.

I would prefer a solution where I don’t need to install programming languages and compilers which I have no other need for and scripts which do work and don’t require me to debug and fix them.

Do you have other scripts which are either written in c or bash scripts which do work in a standard server environment without special languages and depencies needed ?
Or as I would prefer, binaries which I just could execute ?

Have a nice day and best regards,

Patrick Daxboeck

The author of the go script also shared a binary here (I’m linking to the forum post rather than directly to the binary so that you can read his warning :slight_smile: )

I don’t have another script, but if you show me the error from the Python one, I could try to help debug it!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.