OS : CentOs 7 (no selinux )
Analyze : why I fail to generate ssl, it is cyberpanel problem or letsencrypt blocked my server ( normally too many times) , and I need message to provide it.
Initial information :
- domain is subdomain pointing to my server ( a record point to IP)
- sample : sucms..com
- I will use cyberpanel to generate ssl cert, it always successful, it is a problem , it shouldn’t always success even fail ( I hope cyberpanel can upgrade this part on next upgrade version )
- I have tried to get ssl for :8090, but is reach the limit, so cannot test if suggest on port anymore
- at the cyberpanel log, telling ssl is generate log fail, but didn’t have detail why fail even me, finally I found the reason, and Cyberpanel can go prove it (maybe not accurate), I didn’t give up, and try different command ( as I am not linux man, so I am slow, need much time on this ),
3.1 the log tell : Failed to obtain SSL for… , it is not enough tell the reason
3.2 as i said : I use subdomain to point to this server, but I found : when doing generate ssl , it will automatically generate for : www.sucms..com …, in my understanding, it is incorrect, and no necessary, so my suggest is : "there should have a process, allow me to decide generate www or not , and it is another topic , if too many unsolvable [sub]domain , letsencrypt will spank me "
final point:
I run the command manually (without www) :
/root/.acme.sh/acme.sh --issue -d server..com --cert-file /etc/letsencrypt/live/server..com/cert.pem --key-file /etc/letsencrypt/live/server..com/privkey.pem --fullchain-file /etc/letsencrypt/live/server..com/fullchain.pem -w /home/server..com/public_html --force --server letsencrypt
[Sun Jun 5 17:23:11 HKT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jun 5 17:23:11 HKT 2022] Single domain=‘server..com’
[Sun Jun 5 17:23:11 HKT 2022] Getting domain auth token for each domain
[Sun Jun 5 17:23:13 HKT 2022] Create new order error. Le_OrderFinalize not found. {
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: server..com: see Rate Limits - Let's Encrypt”,
“status”: 429
}
[Sun Jun 5 17:23:13 HKT 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
then you will see : too many certificates (5) already issued for this exact set of domains in the last 168 hours:
conclusion :
- my domains generate ssl too many times
- hope cyberpanel can have better way to generate ssl and give accurate result for us , then there will have less issue or question.
Thanks so much .