[rate limits issue] Clear the Pending Authorizations when u dont have access to the logs?

Hi,

While I try to renew my ssl certificate i had this message.

Error issuing certificate
Failed to issue certificate
Error creating new order: acme: error code 429 "urn:ietf:params:acme:error:rateLimited": Error creating new order :: too many currently pending authorizations: 307: see Rate Limits - Let's Encrypt

I tried to follow the documentation:

but I don't have access to logs that contain the relevant authorization URLS so I did wait 3 weeks before trying to renew the ssl again but i had the same error.

Is there a way to Clear the Pending Authorizations or anything i can do to renew my ssl?

Thanks a lot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hotel-du-cerf.com

I ran this command: I tried to renew my ssl certificate with cpanel 118.0.13

It produced this output: Error issuing certificate
Failed to issue certificate
Error creating new order: acme: error code 429 "urn:ietf:params:acme:error:rateLimited": Error creating new order :: too many currently pending authorizations: 307: see Rate Limits - Let's Encrypt

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: o2switch

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):cpanel 118.0.13

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Unfortunately, no.

LetsEncrypt has had an open ticket for several years to address a deficiency in which Orders for an account could be listed (see ACMEv2: "orders" field missing in account info · Issue #3335 · letsencrypt/boulder · GitHub). Ideally, one could compile a list of pending authorizations from the open orders. That is currently impossible. You must use logs.

Hitting this RateLimit for a single domain is rare, because you are allowed 300 per account. There is likely a bug in your system that is causing repetitive attempts that are destined to fail.

I suggest disabling whatever client/command cpanel is using and then try to use CertSage (search for it in this forum) first against the staging API, and then only against the production api upon success.

3 Likes

Have you recently switched cPanel from Sectigo to Let's Encrypt?

Because we see similar problems recently for people who have done that. One similar thread with actions to correct it are below.

Ignore the title. You will see the problem was the built-in ACME Client doing erratic things and how to correct it

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.