Synology certificate setup

While trying to set up a certificate for use with a Synology DiskStation, I ran into problems forwarding port 80 to the DiskStation. After four failed attempts, Let's Encrypt has slapped my hand and said "Maximal certificate requests reached for this domain." The domain is freret.org.

How do I recover?

Wait until the Rate Limits - Let's Encrypt has expired.

2 Likes

Hi @payne, and welcome to the LE community forum :slight_smile:

If five certs have been issued, then you should use one of them OR wait one week to get another.

If too many attempts have been made, then that should be a one hour wait.

You could also try using the staging environment [while testing].

The domain freret.org has no IP.

3 Likes

For future reference: testing and debugging are best done using the Staging Environment, and to assist with debugging, a great place to start is Let's Debug.

3 Likes

Moved to the Help category.

2 Likes

Let's Debug is a godsend. Thank you for alerting me to it. The domain freret.org itself has no IP address. But host mail.freret.org does.

4 Likes

I can't see any certificate for that domain: crt.sh | freret.org


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

You are correct; see https://dnsspy.io/scan/freret.org

1 Like

Using this online tool TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid

The only open Port is 53 using nmap from my IPv4 location.

$ nmap -Pn mail.freret.org
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-09 11:46 PST
Nmap scan report for mail.freret.org (107.128.99.89)
Host is up (0.051s latency).
Not shown: 848 closed ports, 151 filtered ports
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 84.94 seconds
1 Like

Hi Bruce,
"The only open Port is 53 using nmap from my IPv4 location."

I think you overlooked port 25, SMTP.

My instant challenge is convincing my Linux firewall to map incoming port 80 to an in-house Synology DiskStation. Due to some impending travel, I will have to put this effort on hold.

2 Likes

This is what nmap shows from my Comcast Xfinity IPv4 only location in the Portland Metro Area (Oregon).

$ nmap -Pn mail.freret.org
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-02-09 12:17 PST
Nmap scan report for mail.freret.org (107.128.99.89)
Host is up (0.051s latency).
Not shown: 848 closed ports, 151 filtered ports
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 69.07 seconds
1 Like

107.128.99.89 is in California, between San Francisco and San Jose. As your TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid scan showed, there are two open ports: 25 and 53.

Thanks for helping me out.

3 Likes

But not port 80. Maybe your ISP is blocking it?

2 Likes

Thanks for the suggestion. With tcpdump I can see incoming attempts from letsdebug.com to mail.freret.org.

It's my Linux firewall that I haven't (re)mastered after several years of not having to fiddle with it.

1 Like
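The thread turned up two separate conditions: the bare domain has no address record, and the host that does resolve is not answering on port 80, which an HTTP-01 validation needs. As an added example (not from any poster in this thread), this Python check tells those cases apart before another production request is spent; the function name `preflight` and its status strings are made up for the illustration.

```python
import socket
import sys


def preflight(host, port=80, timeout=3.0):
    """Classify a host for a port-80 validation attempt.

    Returns (status, detail); status is one of
    "no-address" (name does not resolve),
    "open"       (TCP connect succeeded),
    "closed"     (connection actively refused),
    "filtered"   (timed out or unreachable, e.g. dropped by a firewall).
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "no-address", str(exc)

    result = ("filtered", "no reply from any resolved address")
    for family, socktype, proto, _canon, sockaddr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "open", sockaddr[0]
        except ConnectionRefusedError:
            # The host (or a device in front of it) sent a reset: nothing listens.
            result = ("closed", sockaddr[0])
        except OSError:
            # Timeout or no route: keep any earlier "closed" result.
            pass
        finally:
            sock.close()
    return result


if __name__ == "__main__":
    # Hostnames come from the command line; nothing is hard-coded.
    for name in sys.argv[1:]:
        status, detail = preflight(name)
        print(f"{name}: port 80 {status} ({detail})")
```

Run it from a machine outside the home network; a connection made from inside the LAN does not pass through the firewall's port forward and can give a misleading result.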

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.