Symptoms
-
Unable to issue Let’s Encrypt certificate, it fails with one of the following error messages:
PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
One of the Let’s Encrypt rate limits has been exceeded for example.com.
See the related Knowledge Base article for details.
– Details
Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rateLimited
Status: 429
Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/
PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
One of the Let’s Encrypt rate limits has been exceeded for example.com.
See the related Knowledge Base article for details.
– Details
Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rateLimited
Status: 429
Detail: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/ -
The following error message is shown in
/var/log/plesk/panel.log
file:# egrep -B4 “too many currently pending authorizations” /var/log/plesk/panel.log | tail -n5
ERR [extension/letsencrypt] Failed to renew certificate of domain ‘example.com’: Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
Details:
Type: urn:ietf:params:acme:error:rateLimited
Status: 429
Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits
Cause
Email account used to issue Let’s Encrypt certificates has reached the maximum number of pending authorizations.
Resolution
Use a different email address.
To list all the pending challenge URLs on a Plesk server:
- Connect to the server via SSH
- Install jq utility:
# yum install jq
- Execute the following command:
# STATUS=’pending’; for file in `find /usr/local/psa/var/modules/letsencrypt/orders/*.json -maxdepth 1 -type f`; do cat $file | jq ‘.status,.challenges[].location’| egrep -A100 ^”${STATUS,,}”; done
- When there are pending challenge URLs, the following output will be shown:
"pending"
"https://acme-v02.api.letsencrypt.org/acme/challenge/U-a0BCD1eeFxlRch2WO1nbuHiqd2RLzZaAbBkKlLx/12345678901"