I tried to renew my certificate, but I have got the following error message. I have tried to renew it several days, but with no success. This is really really annoying!
I know there is a limit issue with spdns.org domains, but what can I do in this case? The limitation is absolutely impracticable!
I hope you can help me!
Thank you very much in advance!
Updating letsencrypt and virtual environment dependenciesā¦
Running with virtualenv: sudo letsencrypt renew
[sudo] password for XXXX:
Processing /etc/letsencrypt/renewal/XXXX.spdns.org.conf
2016-03-13 09:35:29,573:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/XXXX.spdns.org.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: spdns.org. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
The only workaround is to use a different domain. Either with a DDNS provider on the Public Suffix List, or a āproperā domain thatās a CNAME pointing at your .spdns.org subdomain.
1.- I agree @cool110, your best option is to get a domain from another dyn dns provider included in PSL or get your own domain and create a CNAME record pointing this domain to your dynamic domain in spdns.org. You can get your own domain for less than $10 year and most registrars have offers where the first year your domain costs less than $1. Anyway, you have other option if you donāt want or canāt pay for a domain, you still can get a free domain like (.tk, ml, ga, .cf, .gq ā¦) take a look to freenom.com (Disclaimer: Iāve never used this kind of service).
Note: Of course, you can also get your domain in a registrar that allows dynamic dns as spdns.org does so you donāt need to use a CNAME record.
2.- The other option is to be on the lookout to see when it expires the rate limit. In your case, next slot to be able to issue a certificate will be today, Sunday 2016-Mar-13 from 14:47:00 UTC. But this option is not funny, easy or reliable.
ā Edit ā
I forgot to mention the 3rd option:
3.- Letās Encrypt is implementing a way where you wonāt hit the rate limit if you are renewing your cert but there is no ETA when it be on productionā¦ I hope it takes just a few days/weeks. When implemented you should be able to renew your cert without hitting the rate limit applied to parent domain.
I please ask the Letās Encrypt team to merge the mentioned pull request. This hits all people having successfully created a certificate, made sure it works, propagated the service and now cannot renew the certificate. This is a worse hit than not able to create the certificate in first place. Iām in real trouble now.
Edit: If I read the pull request correctly, it has been merged 4 days ago, so maybe now itās about when the next version is rolled out in production? I hope this will happen soon. Thank you, Letās Encrypt team!
thank you all very much for your help and your replies.
@sahsanu : I have choosen your possible option No. 2 (Sunday 2016-Mar-13 from 14:47:00 UTC) and it has worked very well! Perfect, thank you very much!
My certificate is now valid for another three months:
Updating letsencrypt and virtual environment dependenciesā¦
Running with virtualenv: sudo /home/XXXX/.local/share/letsencrypt/bin/letsencrypt renew
Processing /etc/letsencrypt/renewal/XXXX.spdns.org.conf
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been
renewed: /etc/letsencrypt/live/XXXX.spdns.org/fullchain.pem (success)
and it has worked very well! Perfect, thank you very much!