The number of certificates issued by Let's Encrypt for your domain name has reached its limit. (Ref. 5017)

Help
1

When accessing my server (Nimbustor AS54), I want to create a certificate using the Let's Encrpyt function. It worked the first time round but after a while, failed to renew upon expiry. I deleted the certificate and decided to try it again but I get the error above. I've waited weeks but still it won't renew so it's nothing to do with the limit.

My domain is: steve-paul.homeip.net

Can you please check why I can't renew the certificate? Thanks.

2

Strange, now it works.......

3

@Steve6443 Welcome to the community.

Two things.

First, your Asus server is sending what looks like a root cert from Asus. This is not viable. You need to use a cert chain with your own name that matches your DNS and server.

openssl s_client -connect steve-paul.homeip.net:443 -servername steve-paul.homeip.net

Certificate chain
s:/C=TW/ST=Taiwan/L=Taipei/O=Asustor/OU=NAS/CN=Support/emailAddress=support@asustor.com
i:/C=TW/ST=Taiwan/L=Taipei/O=Asustor/OU=NAS/CN=support@asustor.com/emailAddress=support@asustor.com

Or, see: https://decoder.link/sslchecker/steve-paul.homeip.net/443

Second, the error you saw about the name limit is likely related to your apex domain name homeip.net. That looks like a shared system and it could be limited by the 50 certs per registered domain per week limit . See:

You can usually look up how many names are used with crt.sh but it is not right now showing the recent list using homeip.net. In fact, one of my attempts got an error from crt.sh of "Unfortunately, searches that would produce many results may never succeed"

This rate limit is something to take up with homeip.net reps

3 Likes
4

For example, they (but not an end user) could ask Let's Encrypt for a higher rate limit on the grounds that that domain is shared by a large number of different people. It is very common for Let's Encrypt to grant these requests and there's a whole process for it, but the process should be initiated by the domain registrant.

2 Likes
5

Domain homeip.net is included in Public Suffix List so in this case the rate limits for steve-paul.homeip.net should be the same as a normal domain.

Cheers,
sahsanu

3 Likes
6

So...
Which Rate Limit is being hit?
I don't understand...
crt.sh | steve-paul.homeip.net

1 Like
7

I don't know, we will need the actual output to know what's going on :wink:

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.