Synology NAS Maximal certificate requests reached for this domain

Help
1

I am not able to create ssl certificate (it has been longer than 8 days - still same warning)
Checked "crt.sh" and see some certificates, but not sure how they came about, recently started hosting my site.
Not very knowledgeable. Can someone please help.Tanks in advance!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: olympiawindows.com

I ran this command: Add new certificate

It produced this output: Maximal certificate requests reached for this domain

My web server is (include version):Synology NAS 7.2-64570 Update 3

The operating system my web server runs on is (include version): Synology NAS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Crt.sh is not up to date unfortunately. The Censys certificate search is much better with that regard, but requires a (free) login to be able to search. I don't know if the following links are publicly accessible, but you have 6 (?) duplicate certificates issued the last 7 days (which is weird, because only 5 should be allowed; one of them is ECDSA instead of RSA, but this shouldn't matter..):

Why you're requesting certificates so much the last few days? I dunno. Did you click on the "Add new certificate" button three times the 13th, and once on the 15th, 17th and 18th by any chance? And why wouldn't your NAS be using those perfectly fine issued certificates? Maybe the log files give an insight into that? Did the NAS provide any other error than this current rate limit error? Or was it a success?

2 Likes
3

They are not but below is some of the recent censys history

Your domain is also not using any of these Olympia certs but instead one for kite55surfer... (see link here)

image
image1920×2615 344 KB

3 Likes
4

Thanks for your response.
Never received a succesful ssl certificate. That is why kept "adding".
What can I do now? Still showing no certificate.
Generated a log file but can not open (mac)
Thanks again!

1 Like
5

Can you upload it? Usually logs are viewable by any simple text viewer, I'm sure a Mac also has something like that.

1 Like
6

had the wrong log? (*.dat)

Now can see the "successes".But where are they?

syslog_2023-9-18-14_9_53.txt (529.5 KB)

7

I'm not sure that superficial log is sufficiant to debug the actual certificate problems. Although it's kinda strange some certs get deleted first and a short time after that get issued again.

Maybe you should also open a thread/ticket/whatever at a Synology support channel.

3 Likes
8

Thanks for your help.
One last question: Is there a way to delete the certificates (and where)
Or I have to wait till they expire.

Thanks again!!!

1 Like
9

Depends what you mean by "delete. Certificates are forever embedded into Certificate Transparancy Logs and cannot be deleted from the "internet". Anything you do on your own system, where a certificate can be deleted of course, won't affect the rate limit.

Nope, you don't have to wait for a cert to expire. With regard to the rate limit, please see the rate limit documentation at Rate Limits - Let's Encrypt.

3 Likes
10

Thank you again!!!!

1 Like
11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.