Unable to Create a SSL Certificate - Rate Limiting Error


#1

Hi,

I am trying to create a SSL certificate for one of my sub-domain but unable to do it through https://www.sslforfree.com/create?verify_dns&domains=webstore.hetch.in

Getting below error

Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree. If there is a rate limiting error at the end of this paragraph certificates per Domain is currently 5 per 7 days. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Error finalizing order :: CSR is missing Order domain “webstore.hetch.in””, “status”: 403

I have only created only 3 certificates for my domain and the last certificate was created > 7 days

Kindly help me to resolve this error

Thanks


#2

hmm…
https://crt.sh/?q=%.hetch.in
does follow your claim.

But the actual error seems to be:

If you still have a copy, paste the CSR here or review it yourself with:
openssl req -in public.CSR -text -noout | grep -E 'CN=|DNS:'

A common, and possible, mistake here is: NOT including the CN name in the SAN list.
The cert must have a common name and it must be in the SAN.


#4

Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=In, ST=Tamil Nadu, L=Tirupur, CN=manage.hetch.in, O=Hetch Technologies/emailAddress=contact@hetch.in
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d0:60:27:36:1a:07:28:ab:17:54:4a:13:55:fd:
f1:27:78:7d:1f:be:d2:37:8f:d8:2a:d7:91:4c:c4:
9a:28:e7:5e:1f:f0:59:95:86:24:b6:a1:9d:f3:7b:
54:b4:1f:ff:aa:3d:fa:03:d7:9f:df:52:70:de:65:
ff:48:d8:98:e3:25:8f:38:58:02:77:ec:73:6b:81:
54:f6:bd:99:d7:b5:1b:09:7e:f6:fe:62:b5:4d:02:
26:8c:fe:f5:cf:35:29:9a:b4:19:e0:91:91:ee:6f:
f9:09:ca:01:6a:5f:d1:25:ae:99:b9:e2:d4:0f:74:
cb:3b:24:08:0d:d3:49:bc:26:20:ed:d1:3e:75:b9:
84:86:5c:b1:6f:28:2d:6b:4a:e1:6b:67:cc:0b:5e:
1a:fe:13:f8:f2:28:0a:7e:d3:bc:50:b8:f7:a0:66:
3a:f6:38:02:26:c4:d5:cf:37:41:5e:17:7b:f6:cd:
2d:5e:77:ce:7f:aa:45:48:de:56:80:43:26:ff:e7:
ac:33:09:41:90:89:a9:ec:6a:b2:a5:83:52:14:2a:
e9:da:81:2e:5d:56:f0:0f:b5:5e:d2:1b:32:df:65:
68:a8:16:33:44:77:d8:c5:76:89:9a:93:af:d1:4e:
64:5e:a3:e6:3d:0d:71:69:4b:e2:d9:f6:13:f9:ca:
39:0b
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
82:be:89:23:78:e5:8d:f1:b7:4e:0e:da:b4:20:e9:85:d8:79:
21:f4:aa:c7:0d:bb:3e:b6:8c:54:e8:5f:33:75:e8:22:e9:03:
66:de:65:7c:07:98:e8:7c:88:83:70:79:ca:21:24:92:6c:96:
3a:ac:c7:fa:45:e3:5d:6b:c4:a1:11:fd:1b:7a:65:a0:00:f9:
ff:f4:5c:14:89:ac:04:34:d5:ec:7b:bb:fd:14:93:df:92:79:
65:81:57:dc:5c:58:33:fe:6c:c7:b3:e1:ec:d2:3f:c8:60:0a:
7c:25:9a:94:33:13:a9:ab:8a:cb:d5:06:43:18:9c:b7:1e:63:
13:56:85:d6:3b:c3:ea:74:d6:20:9c:18:4a:49:23:25:f1:89:
02:d6:cf:82:30:41:58:82:ed:72:5c:ed:c6:6a:9c:64:63:6d:
77:bc:8d:75:c5:77:f1:7d:2c:46:62:c7:19:1e:4b:bc:fe:62:
a2:84:1c:70:d9:98:ba:45:9a:9d:26:c9:1b:e6:78:e1:fe:c6:
7d:f6:49:20:fd:ee:a9:8d:e5:11:a7:f2:64:58:d8:22:69:95:
71:3f:6d:ed:16:c4:ef:9a:a7:ca:af:58:50:ed:79:39:d1:d8:
59:56:78:27:6b:8c:3c:0e:59:a8:c9:8a:c7:55:1c:aa:7e:ff:
b3:09:c4:c7


#5

It has no SAN (which can be problematic).
And the Subject contents seem out of order:
Subject: C=In, ST=Tamil Nadu, L=Tirupur, CN=manage.hetch.in, O=Hetch Technologies/emailAddress=contact@hetch.in
I’ve always seen the FQDN come first.
Retry by correcting one, or both, of those and reply with your result(s).

Curiously, how did you generate the CSR ?


#6

Hi rg305,

Thank you for your help

CSR was the problem

Issue resolved now

Thank you very much


#7

Please show what a working CSR looks like.
(for posterity)


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.