Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
Unable to install or renew Let's Encrypt SSL certificate:
Error: Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
One of the Let's Encrypt rate limits has been exceeded for example.com.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rateLimited
Status: 429
Detail: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Cause
Limits for issuing certificates are reached on Let's Encrypt servers. This is a Failed Validation limit of 5 failures per account, per hostname, per hour.
Resolution
The only way is to wait until limits will be reset on Let's Encrypt side.
Information about Let's Encrypt limits can be found here: Let's Encrypt | Rate Limits
The most common rate limit of 50 certificates per domain per 7 days in a place that is set by Let's Encrypt. As the limit is defined by Let's Encrypt directly and cannot be managed through Plesk. To overcome the issue wait for this week period to pass and reissue the certificate.
There are two other limits:
- User can create a maximum of 10 Accounts per IP Address per 3 hours.
- User can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours.
Comments
1 comment
Hi,
I have a couple of servers with ovh (vps and dedi). I have been attempting to secure the vps server with LetsEncrypt for several months, to no avail. It does not matter what time of the day/week/month/ year I attempt to do this, it never works. I can do it fine for individual domains on the server, but NOT the actual server itself, and hence I cannot make use of the 360 monitoring option.
I can see that plesk states they have no control over this, and that is fine and dandy to make that claim, but I would suggest it is not a valid claim to make in the circumstances. OVH is one of the largest server companies on the planet - most of their servers (and I believe all vps servers) are provided with a name that ends with ovh.net . That term (ovh.net) is precisely the reason I can not secure the server due to their ludicrously low limits. I have been attempting to secure it this way for over 6 months. The alternative would be to pay for a commercial wildcard certificate which is quite hefty in this day and age cost wise, and ive never had to pay for a server certificate in my over 20 years of running servers -- I pay for plenty of domain certs, but never for a server.
Plesk and OVH should raise this issue with let's encrypt or ditch them and find a more accommodating cert authority - or just create their fricking own Cert auth, as they both have the clout to be able to do so. Just shaking their individual heads and saying 'nuttin we can do' is not an acceptable option given the dynamics at play -- ie they both risk losing a lot of clients by failing to listen to those same clients. In time, I will eventually move elsewhere if the situation continues the way it is.
/ end of rant />
Please sign in to leave a comment.