Why do I SSL Certificat problem again for my old domain?

Hi all.

I’ve had a domain name from “Namecheap” for almost a year now, connected to a VPS at “Contabo”, and it was working fine via HTTPS until I discovered this this morning:

Capture d'écran 2025-09-16 1558231676×347 8.56 KB

The problem is that the site is inaccessible directly, which wasn’t the case until I noticed it today. And when I try to reactivate the SSL certificate from Virtualmin, I get the following error, which surprises me, given that this domain has been running on a VPS for almost a year:

Capture d'écran 2025-09-16 1546201917×867 112 KB

I’m really surprised. What could be causing this SSL certificate error, given that everything has been working fine since the domain and VPS were linked and installed on Virtualmin for a year?

Please help me.

The validation has been failing repeatedly, so your account hit the failed-validation rate limit. Possible reasons could be:

1. LE can’t reach http://<your-domain>/.well-known/acme-challenge/
2. Your DNS isn’t pointing where you think
3. Port 80 is blocked or not served
4. Redirects (e. g., .htaccess) block the LE challenge
5. Anything on Namecheap/Contabo side

Check /var/log/letsencrypt/letsencrypt.log for the exact reason.

Here is the log contains:

...
...
...

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE",
  "status": 429
}
2025-09-16 18:41:01,274:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE
2025-09-16 18:41:01,345:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:01,345:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ2MSwiaWF0IjoxNzU4MDQwODYxLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.dkhyNPl1MJNFlMkvWXxDnGi5a1D0sISkcLrvIsad2pE
2025-09-16 18:41:27,026:DEBUG:certbot._internal.main:certbot version: 2.9.0
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Arguments: ['-a', 'webroot', '-d', 'domain.com', '-d', 'www.domain.com', '-d', 'mail.domain.com', '-d', 'admin.domain.com', '-d', 'webmail.domain.com', '--webroot-path', '/home/domain/public_html', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/606584_2120379_4_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'domain.com', '--no-autorenew', '--reuse-key', '--key-type', 'rsa']
2025-09-16 18:41:27,027:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-09-16 18:41:27,045:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-16 18:41:27,048:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-09-16 18:41:27,048:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x74458459e9f0>
Prep: True
2025-09-16 18:41:27,049:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x74458459e9f0> and installer None
2025-09-16 18:41:27,049:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-09-16 18:41:27,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2272939596', new_authzr_uri=None, terms_of_service=None), 3a4be63c966c5fbbe5daaa83c6ec6935, Meta(creation_dt=datetime.datetime(2025, 3, 10, 9, 2, 44, tzinfo=<UTC>), creation_host='host.domain.com', register_to_eff=None))>
2025-09-16 18:41:27,185:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-16 18:41:27,188:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-16 18:41:27,681:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-16 18:41:27,685:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:27 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "fdUMwpxLv7E": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-09-16 18:41:27,805:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-09-16 18:41:27,805:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for domain.com and 4 more domains
2025-09-16 18:41:27,807:DEBUG:certbot.configuration:Var reuse_key=True (set by user).
2025-09-16 18:41:28,152:INFO:certbot._internal.client:Reusing existing private key from /etc/letsencrypt/live/domain.com/privkey.pem.
2025-09-16 18:41:28,164:DEBUG:acme.client:Requesting fresh nonce
2025-09-16 18:41:28,164:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-09-16 18:41:28,296:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-09-16 18:41:28,297:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:28 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: z38KXhlRZNvJK9eNdmXOewcI33jXcTIX5DykCAutr9j23ursjgU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-09-16 18:41:28,298:DEBUG:acme.client:Storing nonce: z38KXhlRZNvJK9eNdmXOewcI33jXcTIX5DykCAutr9j23ursjgU
2025-09-16 18:41:28,300:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "mail.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "admin.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "webmail.domain.com"\n    }\n  ]\n}'
2025-09-16 18:41:28,310:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjI3MjkzOTU5NiIsICJub25jZSI6ICJ6MzhLWGhsUlpOdkpLOWVOZG1YT2V3Y0kzM2pYY1RJWDVEeWtDQXV0cjlqMjN1cnNqZ1UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "XbRZPpXMbjGFYiV1hwEb1fux0XgpmhUO7duPrIA7hBqNgd-q_oe1lLuBuSaLdyhTeYua3Jpm39IORYxund14c-m-RzwmI4z3fYL3aoewpSWV7weGj5Xg7R_8yphHGGIGndTGiYLc-4EU5eGcXU3LzxvFGrgg6CaU7ePbp5oA7ral8nR4ie2LZ0HbyZpJehw0LEuwSuXcb4kqWUJUzbW55CZHtTGtUBMUXee0G_cUK9LQYe_bGZlMmqxLdtuHU9KND1gb2Jr9WakxOJ79KPumVto7YLrxcSjNhbN4FG9AXe9gqIIIrCLixqUoqPrj-jfjf-Yuyf6fhv4vvSqnT8ChVg",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLnNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3ZWJtYWlsLnNmcml4LmNvbSIKICAgIH0KICBdCn0"
}
2025-09-16 18:41:28,473:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 502
2025-09-16 18:41:28,476:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 16 Sep 2025 16:41:28 GMT
Content-Type: application/problem+json
Content-Length: 502
Connection: keep-alive
Boulder-Requester: 2272939596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: z38KXhlRcMq5QC__QjxGraqvSo1diZo0MHbOMEoBU1D4b98ofOA

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I",
  "status": 429
}
2025-09-16 18:41:28,482:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I
2025-09-16 18:41:28,519:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:28,519:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ4OCwiaWF0IjoxNzU4MDQwODg4LCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.XjARA49yw-tvYmg97AwrR6eX3Y-LtFXRdLchRmOcN0I
2025-09-16 18:41:30,790:DEBUG:certbot._internal.main:certbot version: 2.9.0
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'domain.com', '-d', 'www.domain.com', '-d', 'mail.domain.com', '-d', 'admin.domain.com', '-d', 'webmail.domain.com', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/351462_2120379_5_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'domain.com', '--no-autorenew', '--reuse-key', '--key-type', 'rsa']
2025-09-16 18:41:30,791:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-09-16 18:41:30,811:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-16 18:41:30,812:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2025-09-16 18:41:30,813:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='manual', value='certbot._internal.plugins.manual:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7a245cfec0b0>
Prep: True
2025-09-16 18:41:30,814:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7a245cfec0b0> and installer None
2025-09-16 18:41:30,814:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2025-09-16 18:41:30,946:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2272939596', new_authzr_uri=None, terms_of_service=None), 3a4be63c966c5fbbe5daaa83c6ec6935, Meta(creation_dt=datetime.datetime(2025, 3, 10, 9, 2, 44, tzinfo=<UTC>), creation_host='host.domain.com', register_to_eff=None))>
2025-09-16 18:41:30,947:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-16 18:41:30,951:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-16 18:41:31,425:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-16 18:41:31,426:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:31 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "lDJzXw9CUIU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-09-16 18:41:31,599:DEBUG:certbot._internal.renewal:Auto-renewal forced with --force-renewal...
2025-09-16 18:41:31,599:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for domain.com and 4 more domains
2025-09-16 18:41:31,600:DEBUG:certbot.configuration:Var reuse_key=True (set by user).
2025-09-16 18:41:31,976:INFO:certbot._internal.client:Reusing existing private key from /etc/letsencrypt/live/domain.com/privkey.pem.
2025-09-16 18:41:31,986:DEBUG:acme.client:Requesting fresh nonce
2025-09-16 18:41:31,987:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-09-16 18:41:32,126:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-09-16 18:41:32,126:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 16 Sep 2025 16:41:32 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JV8I8jm1phIt4-8Yt7dUfCfJCi0VdHaWqNvEbTxHY9upl3RaXnk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-09-16 18:41:32,127:DEBUG:acme.client:Storing nonce: JV8I8jm1phIt4-8Yt7dUfCfJCi0VdHaWqNvEbTxHY9upl3RaXnk
2025-09-16 18:41:32,128:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "mail.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "admin.domain.com"\n    },\n    {\n      "type": "dns",\n      "value": "webmail.domain.com"\n    }\n  ]\n}'
2025-09-16 18:41:32,136:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjI3MjkzOTU5NiIsICJub25jZSI6ICJKVjhJOGptMXBoSXQ0LThZdDdkVWZDZkpDaTBWZEhhV3FOdkViVHhIWTl1cGwzUmFYbmsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "PhoWNvS4OScCPvjY9shCO80Zqvrnlvvb1OgYqk_xamoREmF4DcXDQV_2wa2SdsZiIAZY6H_IuQc0yXMc816dJBVMeaFQW5ZzjaJDm4nuq1lQ_iEl-I9v-WCCWcQyEWWHzYKL_kru4gMb3CbzDCYpCSGl_bVqLvGVffGYyw04NAOXWrysBfVUaRVMXb1bQvU0Y_BroLmVRLXJ4ieuP-IPhj_-bw3YbE8CIlZ8DzR8wUICOrat3pFKdG90g_bCmHJyZU6btKhB_F_ONcbea1E8aU7WqocGwdEvK4rFuHIF8AQUfdE-2KD6gUpP7zED_XexYhEgU_Q1Lh7kFAtZ6ObOhA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1haWwuc2ZyaXguY29tIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLnNmcml4LmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3ZWJtYWlsLnNmcml4LmNvbSIKICAgIH0KICBdCn0"
}
2025-09-16 18:41:32,284:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 502
2025-09-16 18:41:32,285:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 16 Sep 2025 16:41:32 GMT
Content-Type: application/problem+json
Content-Length: 502
Connection: keep-alive
Boulder-Requester: 2272939596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qRkKkMTFUA24-2SI0z83qgYeOEE7kZ6Qq3XcQS_pMYCTEHHXkeo

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk",
  "status": 429
}
2025-09-16 18:41:32,286:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.9.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 399, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk
2025-09-16 18:41:32,292:ERROR:certbot._internal.log:An unexpected error occurred:
2025-09-16 18:41:32,292:ERROR:certbot._internal.log:Your account is temporarily prevented from requesting certificates for admin.domain.com and possibly others. Please visit: https://portal.letsencrypt.org/sfe/v1/unpause?jwt=eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJTRkUgVW5wYXVzZSIsImV4cCI6MTc1OTI1MDQ5MiwiaWF0IjoxNzU4MDQwODkyLCJpZGVudGlmaWVycyI6ImFkbWluLnNmcml4LmNvbSIsImlzcyI6IldGRSIsInN1YiI6IjIyNzI5Mzk1OTYiLCJ2ZXJzaW9uIjoidjEifQ.RhBml8jOu0FD5-a-mQhYaWMsaLoRz6Clsz_zkDnvgqk
root@host:~# 

I specify that I replaced Our Domain Name by domain or domain-other.

Hey there! If you’ve made a bunch of requests lately, you might be temporarily on cooldown. Just click the suggested link and give it another shot!