Knowledge Base

Unable to issue Let’s Encrypt certificate: too many currently pending authorizations

 
applications extensionsemailhttpsletsencryptplesk for linux

Symptoms

  • Unable to issue Let’s Encrypt certificate, it fails with one of the following error messages:

    PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
    One of the Let’s Encrypt rate limits has been exceeded for example.com.
    See the related Knowledge Base article for details.
    – Details
    Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/

    PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
    One of the Let’s Encrypt rate limits has been exceeded for example.com.
    See the related Knowledge Base article for details.
    – Details
    Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/

  • The following error message is shown in /var/log/plesk/panel.log file:

    # egrep -B4 “too many currently pending authorizations” /var/log/plesk/panel.log | tail -n5
    ERR [extension/letsencrypt] Failed to renew certificate of domain ‘example.com’: Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits

Cause

Email account used to issue Let’s Encrypt certificates has reached the maximum number of pending authorizations.

Resolution

Use a different email address.

To list all the pending challenge URLs on a Plesk server:

  1. Connect to the server via SSH
  2. Install jq utility:

    # yum install jq

  3. Execute the following command:

    # STATUS=’pending’; for file in `find /usr/local/psa/var/modules/letsencrypt/orders/*.json -maxdepth 1 -type f`; do cat $file | jq ‘.status,.challenges[].location’| egrep -A100 ^”${STATUS,,}”; done

  4. When there are pending challenge URLs, the following output will be shown: 
    "pending"
    "https://acme-v02.api.letsencrypt.org/acme/challenge/U-a0BCD1eeFxlRch2WO1nbuHiqd2RLzZaAbBkKlLx/12345678901"
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2023 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with love with Plesk WP Toolkit

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt