Lets Encrypt SSL Troubleshooting

Below you can find some of the common errors associated with issuing or renewing SSL certificates under the Let’s Encrypt Free SSL Project.

Rate limit error – too many certificates for this domain

Most likely, you have issued and deleted certificates of the same root domain too many times. These limits are quite low during the Let’s Encrypt beta period.

Rate limit error – too many registrations

The server may have hit a rate limit for too many new account registrations for a single IP address.

In this case, you should be able to proceed within 24 hours.

authz error

This is intermittent with the Let’s Encrypt service, you should be able to try again immediately and succeed.

Failed to issue certificate: The Let’s Encrypt HTTP challenge failed – is .well-known/acme-challenge accessible in your webroot?

First, you need to check that you can actually access http://your-domain.com/.well-known/acme-challenge . If you cannot, then the issue is likely an .htaccess rule blocking access, such as the following, which prevents access to dotdirs:

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

How to resolve invalid redirects

You can try to add this code at the beginning of your .htaccess file:

RewriteEngine On
RewriteRule ^.well-known - [L]

If that does not work, you may modifiy your existing rewrite code to include the following line:

RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]

For example:

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI
If you have any AAAA records set on your DNS zone. These must be disabled or the ssl registrations will fail.
Was this answer helpful? 0 Users Found This Useful (2 Votes)