Forwarded to devs Could not renew Let`s Encrypt certificates because of rateLimited

[Azurel]

Username:

TITLE

Could not renew Let`s Encrypt certificates because of rateLimited

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

AlmaLinux 8.7 Plesk Obsidian Version 18.0.48

PROBLEM DESCRIPTION

I see this the first time, that "rateLimited" is exceeded, I would assume that the plugin takes care of limits?

----------------

Could not renew Let`s Encrypt certificates for XXX (login admin). Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let`s Encrypt certificates has failed:

** 'Lets Encrypt example1.tld' [days to expire: 29] **
[-] example1.tld
[-] www.example1.tld

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxx.
Details:
Type: about:blank
Status: 503
Detail: {"type": "urn:ietfarams:acme:error:rateLimited", "detail": "Service busy; retry later."}

** 'Lets Encrypt cdn.example2.tld' [days to expire: 29] **
[-] cdn.example2.tld

Invalid response from https://acme-v02.api.letsencrypt.org/acme/order/xxx/xxx.
Details:
Type: about:blank
Status: 503
Detail: {"type": "urn:ietfarams:acme:error:rateLimited", "detail": "Service busy; retry later."}

STEPS TO REPRODUCE

see description

ACTUAL RESULT

error because limit is exceeded

EXPECTED RESULT

no error

ANY ADDITIONAL INFORMATION

Same email timestamp
Date: Tue, 22 Nov 2022 05:30:14 +0100
I get another email with
Let`s Encrypt certificates for XXX have been issued/renewed
for one sub-domain.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

The "Service busy; retry later" error is usually caused by temporary issues on Let's Encrypt side (most probably related to 'degraded performance' reported here: Let's Encrypt Status).
Since certificates are automatically renewed each hour during the task, once the issues are resolved, the certificate will be renewed automatically.

If the issue persists for more than two days, consider contacting Plesk Support Team for assistance.

 

[Azurel]

Since certificates are automatically renewed each hour during the task, once the issues are resolved, the certificate will be renewed automatically.

I checked and the affected certificates are automatically renewed. However, I have not received any email about this. I would have assumed that you then also receive a mail like "Let`s Encrypt certificates for XXX have been issued/renewed"?

 

[Bitpalast]

I checked and the affected certificates are automatically renewed. However, I have not received any email about this. I would have assumed that you then also receive a mail like "Let`s Encrypt certificates for XXX have been issued/renewed"?

You can configure whether errors, successful transactions or both are mailed to the user. Simply go to "Tools & Settings" > "Plesk" > "Notifications" and check or uncheck
"SSL It! certificates auto-renewal failure (customer's digest)"
"SSL It! certificates auto-renewal success (customer's digest)"

 

[Azurel]

Thanks, but I am not sure if we misunderstand each other. I already receive mails for both cases. But apparently only if it was successful the first time request, not after an error appears.

In the settings for SSL messages "Customer" is selected and I am the only customer on the server.

 

[Azurel]

Today I get the missing mail with "Let`s Encrypt certificates for XXX have been issued/renewed". 4 days to late?
Mail was created date: Wed, 23 Nov 2022 06:30:02 +0100

Plesk said for SSL: Valid To February 20, 2023 (same as yesterday)

 

[Azurel]

Its happening again with another error. I get today morning a mail with "Could not issue/renew Let`s Encrypt certificates for XXX" because of

Invalid response from https://acme-v02.api.letsencrypt.org/acme/order/XXX/XXX.
Details:
Type: urn:ietfarams:acme:error:serverInternal
Status: 500
Detail: Failed to retrieve order for ID XXX

Take a look in Plesk I see "Valid To March 5, 2023". So its updated successful already SSL for this domain. Thats great! But there was no mail. Maybe I get it again in ~4 days