Knowledge Base

Unable to issue Let’s Encrypt certificate: too many currently pending authorizations

 
applications extensionsemailhttpsletsencryptplesk for linux

Symptoms

  • Unable to issue Let’s Encrypt certificate, it fails with one of the following error messages:

    PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
    One of the Let’s Encrypt rate limits has been exceeded for example.com.
    See the related Knowledge Base article for details.
    – Details
    Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/

    PLESK_ERROR: Error: Could not issue Let’s Encrypt SSL/TLS certificate for example.com.
    One of the Let’s Encrypt rate limits has been exceeded for example.com.
    See the related Knowledge Base article for details.
    – Details
    Invalid response from https://acme-v02-api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/

  • The following error message is shown in /var/log/plesk/panel.log file:

    # egrep -B4 “too many currently pending authorizations” /var/log/plesk/panel.log | tail -n5
    ERR [extension/letsencrypt] Failed to renew certificate of domain ‘example.com’: Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
    Details:
    Type: urn:ietf:params:acme:error:rateLimited
    Status: 429
    Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits

Cause

Email account used to issue Let’s Encrypt certificates has reached the maximum number of pending authorizations.

Resolution

Use a different email address.

To list all the pending challenge URLs on a Plesk server:

  1. Connect to the server via SSH
  2. Install jq utility:

    # yum install jq

  3. Execute the following command:

    # STATUS=’pending’; for file in `find /usr/local/psa/var/modules/letsencrypt/orders/*.json -maxdepth 1 -type f`; do cat $file | jq ‘.status,.challenges[].location’| egrep -A100 ^”${STATUS,,}”; done

  4. When there are pending challenge URLs, the following output will be shown: 
    "pending"
    "https://acme-v02.api.letsencrypt.org/acme/challenge/U-a0BCD1eeFxlRch2WO1nbuHiqd2RLzZaAbBkKlLx/12345678901"
Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt