- Plesk for Linux
Let's Encrypt notification emails are being received every day with following content:
CONFIG_TEXT: Could not secure domains of John Doe (login firstname.lastname@example.org) with Let's Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Detail: Error creating new cert :: too many certificates already issued for exact set of domains: my.example.com: see https://letsencrypt.org/docs/rate-limits/
The following domains have been secured without some of their Subject Alternative Names:
The following Let's Encrypt certificates have been renewed without some of their Subject Alternative Names:
Following multiple records in
CONFIG_TEXT: ERR [extension/letsencrypt] Failed to resolve challenge for domain www.my.example.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890.
ERR [extension/letsencrypt] Failed to resolve challenge for domain webmail.my.example.com: Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567899.
Empty response from
digcommand line utility when checking DNS records for
# dig @188.8.131.52 +short www.my.example.com
# dig @184.108.40.206 +short webmail.my.example.com
Trying to renew manually Let's Encrypt certificate for the domain
my.example.com, not including
webmailsubdomains, fails with following error:
PLESK_ERROR: Error: For my.example.com could not be issued SSL / TLS certificate from let's encrypt. The limit "Certificates per Registered Domain" has been exceeded for my.example.com. In Let's Encrypt, a maximum of 20 certificates can be issued per registered domain per week.
For more information, see the appropriate Knowledge Base article.
Additional error information:
%% message %%
The certificate which is to be renewed includes
webmail subdomains. DNS records of these subdomains were pointing to IP address of Plesk server earlier, do not anymore. Therefore, Let's Encrypt has reached rate limit trying to renew the certificate and failing in the process.
Recreate manually Let's Encrypt certificate disabling
webmail subdomains in Domains > my.example.com > Let's Encrypt: