Renew expired certificate --> XXXX.spdns.org domain


#1

Hello,

I tried to renew my certificate, but I got the following error message. I have tried to renew it for several days, but with no success. This is really really annoying! :frowning: :frowning:

I know there is a limit issue with spdns.org domains, but what can I do in this case? The limitation is absolutely impracticable!

I hope you can help me!

Thank you very much in advance!

Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo letsencrypt renew
[sudo] password for XXXX:
Processing /etc/letsencrypt/renewal/XXXX.spdns.org.conf
2016-03-13 09:35:29,573:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/XXXX.spdns.org.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: spdns.org. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)


#2

The only workaround is to use a different domain. Either with a DDNS provider on the Public Suffix List, or a “proper” domain that’s a CNAME pointing at your .spdns.org subdomain.


#3

Hello @cubeinvest,

As @cool110 said, you have very few options.

1.- I agree with @cool110, your best option is to get a domain from another dyn dns provider included in the PSL or get your own domain and create a CNAME record pointing this domain to your dynamic domain in spdns.org. You can get your own domain for less than $10 a year and most registrars have offers where the first year your domain costs less than $1. Anyway, you have another option if you don’t want to or can’t pay for a domain, you can still get a free domain like (.tk, .ml, .ga, .cf, .gq …), take a look at freenom.com (Disclaimer: I’ve never used this kind of service).

Note: Of course, you can also get your domain at a registrar that allows dynamic dns as spdns.org does so you don’t need to use a CNAME record.

2.- The other option is to be on the lookout to see when the rate limit expires. In your case, the next slot to be able to issue a certificate will be today, Sunday 2016-Mar-13 from 14:47:00 UTC. But this option is not fun, easy or reliable.

— Edit —
I forgot to mention the 3rd option:

3.- Let’s Encrypt is implementing a way where you won’t hit the rate limit if you are renewing your cert but there is no ETA for when it will be in production… I hope it takes just a few days/weeks. When implemented you should be able to renew your cert without hitting the rate limit applied to the parent domain.

— End Edit —

Good luck,
sahsanu
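An added example (not part of the posts above and not Let's Encrypt's code) of why the error in post #1 names spdns.org rather than the full hostname, and why the workaround in posts #2 and #3 helps. It assumes the limit is counted per registered domain (public suffix plus one label); the rule list is a constructed excerpt in Public Suffix List syntax, and `ddns.example` is a hypothetical listed provider.

```python
# Constructed excerpt in Public Suffix List syntax (NOT the real list).
# "ddns.example" is a hypothetical DDNS provider that is on the list.
CONSTRUCTED_PSL = """
// constructed sample rules
org
com
*.ck
!www.ck
ddns.example
"""

def load_rules(text):
    """Parse PSL-style text: one rule per line, '//' starts a comment."""
    lines = (line.strip().lower() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("//")}

def public_suffix_len(labels, rules):
    """Return how many trailing labels form the public suffix."""
    best = 1  # implicit default rule "*": the last label alone is a suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        n = len(labels) - i
        if "!" + candidate in rules:
            return n - 1  # exception rule wins: drop its leftmost label
        wildcard = "*." + ".".join(labels[i + 1:])
        if candidate in rules or (i + 1 < len(labels) and wildcard in rules):
            best = max(best, n)
    return best

def registered_domain(name, rules):
    """Public suffix plus one label, i.e. the assumed rate-limit key."""
    labels = name.lower().rstrip(".").split(".")
    n = public_suffix_len(labels, rules)
    if len(labels) <= n:
        return None  # the name is itself a public suffix
    return ".".join(labels[-(n + 1):])

def group_by_rate_limit_key(names, rules):
    """Group hostnames that would share one per-domain issuance budget."""
    groups = {}
    for name in names:
        groups.setdefault(registered_domain(name, rules), []).append(name)
    return groups

RULES = load_rules(CONSTRUCTED_PSL)

if __name__ == "__main__":
    hosts = ["alice.spdns.org", "bob.spdns.org",            # constructed names
             "alice.ddns.example", "bob.ddns.example", "home.example.com"]
    for key, members in group_by_rate_limit_key(hosts, RULES).items():
        print(f"{key}: {members}")
```

Every customer under the unlisted provider lands in the single `spdns.org` bucket, while hosts under the listed suffix or under a domain of their own each get a separate one.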


#4

I kindly ask the Let’s Encrypt team to merge the mentioned pull request. This hits all people who have successfully created a certificate, made sure it works, propagated the service and now cannot renew the certificate. This is a worse hit than not being able to create the certificate in the first place. I’m in real trouble now.

Edit: If I read the pull request correctly, it was merged 4 days ago, so maybe now it’s about when the next version is rolled out in production? I hope this will happen soon. Thank you, Let’s Encrypt team!


#5

Hello,

thank you all very much for your help and your replies.

@sahsanu : I have chosen your possible option No. 2 (Sunday 2016-Mar-13 from 14:47:00 UTC) :slight_smile: and it has worked very well! Perfect, thank you very much!
My certificate is now valid for another three months:

Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo /home/XXXX/.local/share/letsencrypt/bin/letsencrypt renew
Processing /etc/letsencrypt/renewal/XXXX.spdns.org.conf
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been
renewed: /etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem (success)

