SSL Limits And More

My domain is: female-rappers.com
It produced this output: Reached one of the limits for certificate issuance
The operating system my web server runs on is (include version): Plesk for Linux - Apache and nginx.
My hosting provider, if applicable, is: ionos

I can login to a root shell on my machine (yes or no, or I don't know): yes I did, but have no experience and at this moment would not want to log into root shell again currently.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18.0.69 Update #3

I did successfully issue a Wild Card SSL certificate for my domain roughly four days ago! I first put a regular and then switched. I successfully had my site on Cloudflare also.
Long story short, I purchased the same VPS package a second time with Ionos and just wanted to point my domain to the new IP. I have default configurations set up, I successfully installed a SSL certificate again with new IP and then I decided I wanted to switch it to wildcard before I put Cloudflare back on. And now that I think about it, I think the first time I successfully was able to get wildcard on the first IP was ALREADY putting Cloudflare on with regular SSL already on (though honestly maybe that didn't make a difference).
Either way, this time I couldn't get wildcard working. So I turned off ModSecurity, disabled / re-enabled DNSSEC combinations to see if it was something there. Even after reading articles, at this moment just does not seem like my brain wants to wrap my head around any more information as to why, especially because I already successfully did it a few days ago without too much thought, though I did have to try multiple times to get wildcard to work first time and even then I was like "well didn't really change much I don't think, but now it will let me."

Prior to reaching the domain limit, I did start deleting the record added from Let's Encrypt, thinking I might get wildcard to work that way, even though I never tried it that way to get it to work the first time. Well I did read in the reach limit article this is a fast way to get the notice of reaching the limit for a domain, so now I know.

So this time, I can't even get a regular SSL certificate and now I have learned about SSL Limits and read information with many many different numbers with many many different dates. So one attempt I made was creating *.femalerappers.com sub domain and then try issuing a wildcard. So use the workaround for reaching limit. Something must have been wrong there too, the message did not show that I reached a limit that way, but still could not connect to the domain.

One thing I did not do this time while not connected to Cloudflare, is add any information to the company that I own my domain with, as it is separate from my hosting VPS account.

I would be very happy with just a regular SSL certificate and learn my lesson about reaching limits and or removing txt record that you see after system says its not there even though you see it added there.

Currently I thought I only needed to wait 3 hours before issuing a regular SSL certificate again, that did not work, then I thought 8 hours later? That did not work either. I am more than happy currently to just have a regular SSL certificate (was successful every time before limit message), but it seems like I need to wait a full 7 days again because of limit reach?

Currently with *.female-rappers.com and trying to do wildcard to bypass limit reach, even though I see the new txt record for domain being added on other page, I still get this message

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/2387662367/518463966247
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: No TXT record found at _acme-challenge.female-rappers.com

Plesk support provides this
https://support.plesk.com/hc/en-us/articles/16746784593175-How-to-check-propagation-of-DNS-records-for-a-Plesk-domain

Domain *.female-rappers.com resolve problems detected:
The domain is not resolvable. To put your website online, correct [DNS Settings]

At this point it seems like I would like to just wait until I can get a regular new SSL certificate, but understanding the limits and knowing the number I am currently at is something that does not seem possible to know.

"Up to 50 certificates can be issued per registered domain every 7 days."

Since I have tried so many times, I might have done 50, but I don't know when does the 7 days start and end with this rule? I have tried to wrap my head around the other numbers provided.

After writing this post, I guess I just won't do anything and think I have to wait a full week until I can make my site secure again.

It is perfectly possible to know--the error message Let's Encrypt gives you tells you exactly when you'll be able to get another one. If your software hides that error message, that's a bit of a problem with that software.

4 Likes

Hi @bowm02,

You could consider using another free ACME CA, here is one comparison

1 Like

Found it on Plesk, I must have just not read the specific line.
retry after 2025-05-11 09:04:43 UTC
Thank you! I noticed a few typos in the spelling of my post, but did not see how to edit post. I just submitted a regular one again and received this message and it DOES provide a date and time I can try again! Thank you! As I wait one thing I did notice that I had the option of selecting in my Plesk system for all domains I create (option to sync too) is the image I have attached. Clearly would not make a difference now for limit, but maybe that can assist later with wildcard?

Detail: too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-05-11 09:04:43 UTC: see Rate Limits - Let's Encrypt

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

And to assist with debugging, a great place to start is Let's Debug.

Hi @bowm02
And here is a list of issued certificates crt.sh | female-rappers.com

1 Like
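
The rate-limit error quoted earlier in this thread carries the issued count, the window and the retry time in its Detail line, while the "No TXT record found" error is a different failure that waiting does not address. As an added example (not part of any post, and not Plesk's or Let's Encrypt's code), this Python parses such a Detail line and reports how long is left before retrying; the message format is assumed from the single sample on this page, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Go-style duration as printed in the error, e.g. "168h0m0s".
_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$")
# Format assumed from the one sample message quoted in this thread.
_RATE_LIMIT = re.compile(
    r"too many certificates \((\d+)\) already issued for (.+?) "
    r"in the last (\S+), retry after (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC"
)

# Detail lines copied from the thread above.
RATE_LIMITED = ("too many certificates (5) already issued for this exact set "
                "of domains in the last 168h0m0s, retry after "
                "2025-05-11 09:04:43 UTC: see Rate Limits - Let's Encrypt")
NO_TXT = "No TXT record found at _acme-challenge.female-rappers.com"


def parse_go_duration(text):
    """Convert a duration such as "168h0m0s" to a timedelta."""
    m = _DURATION.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"not a duration: {text!r}")
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def parse_rate_limit(detail):
    """Return the fields of a rate-limit Detail line, or None for any other error."""
    m = _RATE_LIMIT.search(detail)
    if m is None:
        return None
    retry = datetime.strptime(m.group(4), "%Y-%m-%d %H:%M:%S")
    return {"issued": int(m.group(1)), "scope": m.group(2),
            "window": parse_go_duration(m.group(3)),
            "retry_after": retry.replace(tzinfo=timezone.utc)}


def wait_remaining(detail, now):
    """Time left before retrying; None means this is not a rate-limit message."""
    info = parse_rate_limit(detail)
    if info is None:
        return None
    return max(info["retry_after"] - now, timedelta(0))


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for line in (RATE_LIMITED, NO_TXT):
        print(wait_remaining(line, now), "<-", line[:40])
```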

Thank you! I wonder if I can just use ACME CA with just a WordPress SSL plugin? I typed ACME CA in WordPress plugin search and two show up, though I wouldn't know if any use ACME CA even reading info about plugin.

1 Like

The link you provided with all the certificate issuance dates is helpful I think, now I'm trying to understand (not at all currently) the easiest way to implement ACME CA instead (plugin would be nice) or alternatively I will just wait until the limit is removed. I appreciate the link to the ACME page, but I do not see any directions and it sounds like I won't be able to resolve easy if I chose ACME? ACME CA Comparison - Posh-ACME

1 Like

I think I might have figured something out? On my first VPS I opened up a lot more ports than the new one. One message I received with a plugin says that port 2083 is not connected.
"Failed to connect to 127.0.0.1 port 2083 after 0 ms: Couldn't connect to server"

I'm going to enable the same ports on the first server I had to the second server! Maybe that will help. I actually wanted to read more about all the ports I did enable on the first server at a later time. Do you think this is a problem like the plugin says (I didn't actually try to activate SSL again, just checked the plugin error log after installing plugin) and mentioned that port?

I apologize for so many replies. I am excited to read and learn and then I'm overwhelmed intellectually! Since we have spoken, I did not try to activate SSL through the plugin I downloaded "Auto-Install Free SSL 4.5.1". It is NOT activated.

  1. I did however, notice I did not have the second Plesk desktop connected to SSL. That worked easy! "Secure Plesk with a free SSL/TLS certificate"
  2. Then I went in Plesk and updated my "Service plan Unlimited was successfully synced with subscriptions" with the option "SSL It!" under additional services to apply to all domains under that Unlimited plan (there's only one domain)
  3. Then I enabled the entire port list that I enabled on my first VPS
  4. Then I visited my website and all of a sudden I have SSL Again?
  5. The link you provided crt.sh | female-rappers.com does not show a new certificate was issued at this moment so I guess the one I placed on entire VPS does not show yet or is using one already listed?

Doesn't IONOS have a WordPress hosting option? Maybe just using that service from them instead of the one you already bought would be easier for you?

2 Likes