The domain name you are using has reached the maximum number of let's encrypt certificates

After years of using Let's Encrypt with my QNAP, I'm now getting this error in my QNAP GUI when trying to renew:

"The domain name you are using has reached the maximum number of let's encrypt certificates"

My domain name is pauli.dk, and my QNAP server is on the subdomain home.pauli.dk
My QNAP server is a TS-264 with latest firmware V5.1.2

Over the years, renewing has sometimes given me problems, since I forget to open the right ports, etc., and this has sometimes caused me to try and start from scratch and get a new certificate. I am then also in doubt about what part of the domain name to specify.
Perhaps this is causing problems so I now have too many certificates.

After some struggling I managed to get it to work again. But looking at the below (crt.sh), there seems to be a lot of expired certificates, and also certificates for both home.pauli.dk and pauli.dk. Most likely because I have messed up several times.

Are all these counting toward a limit? And if they do, how do I delete them and 'clean up'?

PS: www.pauli.dk is hosted by Google Sites, but this should not affect my above problem.

Looks like you got a new certificate like an hour ago? Did QNAP eat it?

4 Likes

Yes, I managed to get it working by requesting a new certificate for 'home.pauli.dk'. With just 'pauli.dk' I get the error. But I think this is expected since the server is on the subdomain 'home.pauli.dk'. I guess I have tried unsuccessfully too many times with 'pauli.dk'.

I'm worried that all the old expired certificates will eventually cause problems for 'home.pauli.dk' too, so I'm seeking to delete, revoke or clean up.

Nobody cares about an expired certificate: you can just delete it on local disk if you want and ignore it otherwise. The CA won't accept a revoke request for an expired certificate as it's already invalid anyway.

3 Likes

Hmm. I guess this is what I expected. But then why did I get the limit error when trying to get a certificate for 'pauli.dk'?

I'm still in doubt what is the 'correct' way to request the certificate. I just use the QNAP GUI, 'Get from Lets Encrypt'. A dialog asks for Domain name, email and Alternative name which I just leave empty.

Since www.pauli.dk is hosted by Google, I believe the correct domain to enter must be 'home.pauli.dk'.
I entered 'home.pauli.dk' as domain and this seems to work for now.

That error message was modified by QNAP so I am not sure what it is exactly.

It is most likely related to doing too many failed attempts within an hour. You are allowed 5 failures per hour per account and domain. You must then wait an hour to try again.

Another common error is issuing more than 5 identical certs in the same week. But, this is not your case. One, had you gotten this error you would be blocked for that domain name for a week which you were not. And, the public logs don't show very many certs issued. Note that crt.sh often shows 2 entries for the same cert - a Precert and the Leaf. These only count as one cert.

You can read about the Let's Encrypt limits at this page

4 Likes
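The point above about crt.sh listing a Precert and a Leaf for the same cert, as an added example (not from the thread or from Let's Encrypt): it collapses such pairs by issuer and serial number, then counts certificates per exact hostname set over the last seven days against the 5-per-week figure quoted above. The rows are constructed, and the field names (`issuer_name`, `serial_number`, `name_value`, `not_before`) are assumed to match crt.sh's JSON output.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LIMIT = 5                     # identical certs per week, the figure quoted in the thread
WINDOW = timedelta(days=7)

def _row(serial, names, not_before):
    # Constructed sample row; the key names are assumed to follow crt.sh JSON output.
    return {"issuer_name": "CN=Example CA (constructed)", "serial_number": serial,
            "name_value": names, "not_before": not_before}

# Constructed sample data, not real CT log entries.
SAMPLE = [
    _row("03aa", "home.example.com", "2024-01-02T10:00:00"),   # precert
    _row("03aa", "home.example.com", "2024-01-02T10:00:00"),   # leaf, same serial
    _row("03bb", "home.example.com", "2024-01-03T09:00:00"),   # precert
    _row("03BB", "home.example.com", "2024-01-03T09:00:00"),   # leaf, serial in upper case
    _row("03cc", "home.example.com", "2024-01-04T08:00:00"),
    _row("03dd", "home.example.com", "2023-11-01T08:00:00"),   # long expired, outside window
    _row("03ee", "example.com\nwww.example.com", "2024-01-04T12:00:00"),
]

def unique_certs(rows):
    """Collapse precert/leaf pairs: both entries carry the same issuer and serial."""
    seen = {}
    for r in rows:
        seen.setdefault((r["issuer_name"], r["serial_number"].lower()), r)
    return list(seen.values())

def identical_in_window(rows, now):
    """Count deduplicated certs per exact hostname set within the last 7 days.

    not_before is used as an approximation of the issuance time.
    """
    counts = defaultdict(int)
    for r in unique_certs(rows):
        names = frozenset(n.strip().lower() for n in r["name_value"].splitlines() if n.strip())
        issued = datetime.fromisoformat(r["not_before"])
        if now - WINDOW <= issued <= now:
            counts[names] += 1
    return dict(counts)

def report(rows, now):
    """Map each hostname set to (certs in window, True if the limit is already used up)."""
    return {", ".join(sorted(k)): (v, v >= LIMIT)
            for k, v in identical_in_window(rows, now).items()}

if __name__ == "__main__":
    for names, (count, at_limit) in report(SAMPLE, datetime(2024, 1, 5, 12, 0)).items():
        print(f"{names}: {count} in last 7 days, at limit: {at_limit}")
```

Expired certificates and precert duplicates drop out of the count, which is why a long crt.sh listing by itself does not mean the weekly limit was hit.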

Thank you for that. It probably explains what I see.

For now it is working and I have made a note about how to renew and proceed etc. in the future.

2 Likes

"pauli.dk" does not resolve to any IP.

2 Likes
