Why do I SSL Certificat problem again for my old domain?

chegmarco · September 16, 2025, 4:07pm

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 24.04.3
Virtualmin version	7.40.0

Hi all.

I’ve had a domain name from “Namecheap” for almost a year now, connected to a VPS at “Contabo”, and it was working fine via HTTPS until I discovered this this morning:

The problem is that the site is inaccessible directly, which wasn’t the case until I noticed it today. And when I try to reactivate the SSL certificate from Virtualmin, I get the following error, which surprises me, given that this domain has been running on a VPS for almost a year:

I’m really surprised. What could be causing this SSL certificate error, given that everything has been working fine since the domain and VPS were linked and installed on Virtualmin for a year?

Please help me.

Steini · September 16, 2025, 4:23pm

The validation has been failing repeatedly, so your account hit the failed-validation rate limit. Possible reasons could be:

LE can’t reach http://<your-domain>/.well-known/acme-challenge/
Your DNS isn’t pointing where you think
Port 80 is blocked or not served
Redirects (e. g., .htaccess) block the LE challenge
Anything on Namecheap/Contabo side

Check /var/log/letsencrypt/letsencrypt.log for the exact reason.

chegmarco · September 16, 2025, 4:51pm

Here is the log contains:

...
...
...

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE",
  "status": 429
}
2025-09-16 18:41:01,274:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE
2025-09-16 18:41:01,345:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:01,345:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE
2025-09-16 18:41:27,026:DEBUG:certbot._internal.main:certbot version: 2.9.0
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Arguments: ['-a', 'webroot', '-d', 'domain.com', '-d', 'www.domain.com', '-d', 'mail.domain.com', '-d', 'admin.domain.com', '-d', 'webmail.domain.com', '--webroot-path', '/home/domain/public_html', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/606584_2120379_4_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'domain.com', '--no-autorenew', '--reuse-key', '--key-type', 'rsa']
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-09-16 18:41:27,045:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-16 18:41:27,048:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-09-16 18:41:27,048:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x74458459e9f0>
Prep: True
2025-09-16 18:41:27,049:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x74458459e9f0> and installer None
2025-09-16 18:41:27,049:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-09-16 18:41:27,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2272939596', new_authzr_uri=None, terms_of_service=None), 3a4be63c966c5fbbe5daaa83c6ec6935, Meta(creation_dt=datetime.datetime(2025, 3, 10, 9, 2, 44, tzinfo=<UTC>), creation_host='host.domain.com', register_to_eff=None))>
2025-09-16 18:41:27,185:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-16 18:41:27,188:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-16 18:41:27,681:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-16 18:41:27,685:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:27 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "fdUMwpxLv7E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-09-16 18:41:27,805:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-09-16 18:41:27,805:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for domain.com and 4 more domains
2025-09-16 18:41:27,807:DEBUG:certbot.configuration:Var reuse_key=True (set by user).
2025-09-16 18:41:28,152:INFO:certbot._internal.client:Reusing existing private key from /etc/letsencrypt/live/domain.com/privkey.pem.
2025-09-16 18:41:28,164:DEBUG:acme.client:Requesting fresh nonce
2025-09-16 18:41:28,164:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-09-16 18:41:28,296:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-09-16 18:41:28,297:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:28 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: z38KXhlRZNvJK9eNdmXOewcI33jXcTIX5DykCAutr9j23ursjgU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-09-16 18:41:28,298:DEBUG:acme.client:Storing nonce: z38KXhlRZNvJK9eNdmXOewcI33jXcTIX5DykCAutr9j23ursjgU
2025-09-16 18:41:28,300:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "mail.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "admin.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "webmail.domain.com"\n    }\n  ]\n}'
2025-09-16 18:41:28,310:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjI3MjkzOTU5NiIsICJub25jZSI6ICJ6MzhLWGhsUlpOdkpLOWVOZG1YT2V3Y0kzM2pYY1RJWDVEeWtDQXV0cjlqMjN1cnNqZ1UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "XbRZPpXMbjGFYiV1hwEb1fux0XgpmhUO7duPrIA7hBqNgd-q_oe1lLuBuSaLdyhTeYua3Jpm39IORYxund14c-m-RzwmI4z3fYL3aoewpSWV7weGj5Xg7R_8yphHGGIGndTGiYLc-4EU5eGcXU3LzxvFGrgg6CaU7ePbp5oA7ral8nR4ie2LZ0HbyZpJehw0LEuwSuXcb4kqWUJUzbW55CZHtTGtUBMUXee0G_cUK9LQYe_bGZlMmqxLdtuHU9KND1gb2Jr9WakxOJ79KPumVto7YLrxcSjNhbN4FG9AXe9gqIIIrCLixqUoqPrj-jfjf-Yuyf6fhv4vvSqnT8ChVg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLnNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3ZWJtYWlsLnNmcml4LmNvbSIKICAgIH0KICBdCn0"
}
2025-09-16 18:41:28,473:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 502
2025-09-16 18:41:28,476:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 16 Sep 2025 16:41:28 GMT
Content-Type: application/problem+json
Content-Length: 502
Connection: keep-alive
Boulder-Requester: 2272939596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: z38KXhlRcMq5QC__QjxGraqvSo1diZo0MHbOMEoBU1D4b98ofOA

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I",
  "status": 429
}
2025-09-16 18:41:28,482:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I
2025-09-16 18:41:28,519:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:28,519:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I
2025-09-16 18:41:30,790:DEBUG:certbot._internal.main:certbot version: 2.9.0
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'domain.com', '-d', 'www.domain.com', '-d', 'mail.domain.com', '-d', 'admin.domain.com', '-d', 'webmail.domain.com', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/351462_2120379_5_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'domain.com', '--no-autorenew', '--reuse-key', '--key-type', 'rsa']
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-09-16 18:41:30,811:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-16 18:41:30,812:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2025-09-16 18:41:30,813:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='manual', value='certbot._internal.plugins.manual:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7a245cfec0b0>
Prep: True
2025-09-16 18:41:30,814:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7a245cfec0b0> and installer None
2025-09-16 18:41:30,814:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2025-09-16 18:41:30,946:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2272939596', new_authzr_uri=None, terms_of_service=None), 3a4be63c966c5fbbe5daaa83c6ec6935, Meta(creation_dt=datetime.datetime(2025, 3, 10, 9, 2, 44, tzinfo=<UTC>), creation_host='host.domain.com', register_to_eff=None))>
2025-09-16 18:41:30,947:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-16 18:41:30,951:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-16 18:41:31,425:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-16 18:41:31,426:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:31 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "lDJzXw9CUIU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-09-16 18:41:31,599:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-09-16 18:41:31,599:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for domain.com and 4 more domains
2025-09-16 18:41:31,600:DEBUG:certbot.configuration:Var reuse_key=True (set by user).
2025-09-16 18:41:31,976:INFO:certbot._internal.client:Reusing existing private key from /etc/letsencrypt/live/domain.com/privkey.pem.
2025-09-16 18:41:31,986:DEBUG:acme.client:Requesting fresh nonce
2025-09-16 18:41:31,987:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-09-16 18:41:32,126:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-09-16 18:41:32,126:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:32 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JV8I8jm1phIt4-8Yt7dUfCfJCi0VdHaWqNvEbTxHY9upl3RaXnk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-09-16 18:41:32,127:DEBUG:acme.client:Storing nonce: JV8I8jm1phIt4-8Yt7dUfCfJCi0VdHaWqNvEbTxHY9upl3RaXnk
2025-09-16 18:41:32,128:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "mail.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "admin.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "webmail.domain.com"\n    }\n  ]\n}'
2025-09-16 18:41:32,136:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjI3MjkzOTU5NiIsICJub25jZSI6ICJKVjhJOGptMXBoSXQ0LThZdDdkVWZDZkpDaTBWZEhhV3FOdkViVHhIWTl1cGwzUmFYbmsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "PhoWNvS4OScCPvjY9shCO80Zqvrnlvvb1OgYqk_xamoREmF4DcXDQV_2wa2SdsZiIAZY6H_IuQc0yXMc816dJBVMeaFQW5ZzjaJDm4nuq1lQ_iEl-I9v-WCCWcQyEWWHzYKL_kru4gMb3CbzDCYpCSGl_bVqLvGVffGYyw04NAOXWrysBfVUaRVMXb1bQvU0Y_BroLmVRLXJ4ieuP-IPhj_-bw3YbE8CIlZ8DzR8wUICOrat3pFKdG90g_bCmHJyZU6btKhB_F_ONcbea1E8aU7WqocGwdEvK4rFuHIF8AQUfdE-2KD6gUpP7zED_XexYhEgU_Q1Lh7kFAtZ6ObOhA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLnNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3ZWJtYWlsLnNmcml4LmNvbSIKICAgIH0KICBdCn0"
}
2025-09-16 18:41:32,284:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 502
2025-09-16 18:41:32,285:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 16 Sep 2025 16:41:32 GMT
Content-Type: application/problem+json
Content-Length: 502
Connection: keep-alive
Boulder-Requester: 2272939596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qRkKkMTFUA24-2SI0z83qgYeOEE7kZ6Qq3XcQS_pMYCTEHHXkeo

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk",
  "status": 429
}
2025-09-16 18:41:32,286:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk
2025-09-16 18:41:32,292:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:32,292:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk
root@host:~#

I specify that I replaced Our Domain Name by domain or domain-other.

Ilia · September 16, 2025, 6:15pm

chegmarco:

"detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE",

Hey there! If you’ve made a bunch of requests lately, you might be temporarily on cooldown. Just click the suggested link and give it another shot!

system · November 15, 2025, 6:15pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.