Get free SSL certificates with Let’s Encrypt
Posted on 17 October, 2016 by Tom Aafloen
I have previously blogged about how you can get a free SSL certificate from the Certification Authority called WoSign, but they have been misbehaving lately (see details here) and some big companies like Apple, Google and Mozilla are actually considering.
Hi Tomer, you have to use your own domain (mydomain.xxx) because there can only be a few certificates for one domain (ovh.net). I think it's 100. But if there are more than 100 Customers at OVH. So you better use your own domain for letsencrypt.
Let's Encrypt is not the solution to every Certificate problem
I keep seeing comments in this subreddit, and elsewhere on Reddit, that amount to 'Just use Let's Encrypt' for every situation related to issuing/renewing Certificates.
Often people rejecting a suggestion to use LE are treated like they're lazy or idiots.
Don't get me wrong - Let's Encrypt is fantastic - I use it, I recommend it, but it is not the solution for everything. There's a number of scenarios which make LE either infeasible or impossible to use.
Here's a couple of examples:
- Using a device which doesn't have the ability to support LE Renewal directly. (See *1)
- Needing to support clients which don't trust the LE CAs (eg embedded and older devices)
- Devices which are intermittently accessible from the internet, or on unreliable connections (See *2)
- Complex hosting environments where LE Validation can't reach the servers that need to have the certificate (See *2)
- Environments where there may be hundreds/thousands/tens of thousands of domains (See *3)
- Environments where the certificates being presented are pinned in configurations (90 day renewals are a problem here)
- Using DNS Zones (internal.example.com) which are delegated to DNS servers not reachable by LE
- Using 'fake' DNS Zones (company.local) which cannot be registered.
(*1) It may be possible to set up renewal through an external source (i.e. cron and/or push up a change), but devices that are under strict change-control for all configuration make this difficult with the frequency that the renewals need to happen.
(*2) DNS Validation may be an option, but not possible under many situations. This also requires delegating access to update DNS zones, which themselves may be under change control.
(*3) Either above the limit for the number of SANs on a single certificate, or where there's a requirement to not use alternate names. (again, may be a device or business requirement)
Please stop treating your fellow IT Professionals like they're idiots for rejecting suggestions to use LE.
There's plenty of valid rational reasons why it's not the best solution to everything.
I am running a website on my Raspberry Pi with 2 different domain names. Installing the certificate for https:// when it became necessary was no problem. But renewing it seems impossible. I have tried to renew it in many ways. The output says it is a recognized site but the program does not have enough access rights. Upon trying other ways I have now run out of opportunities having exceeded the rate limit.
This is the command I issued:
sudo certbot certonly --webroot -w /var/www/html -d tgdn.nl -d www.tgdn.nl -w /var/www/html/erfgoed -d enkes-voorburg.nl -d www.enkes-voordburg.nl
And the error:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
I cannot find anything that I see as a possible solution. Your input is appreciated.
Thanks,
Ton den Neijsel
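A pre-flight check for a multi-name webroot command like the one in the question, as an added example that is not part of the original post and not certbot's own code. It pairs each -d name with the -w path that precedes it and flags names that sit within a character or two of another name in the same command, because failed validations are what the "too many failed authorizations" limit in the error counts. The function names and the distance threshold are assumptions.

```python
import shlex
from itertools import combinations

# The command exactly as posted in the question above.
POSTED = ("sudo certbot certonly --webroot -w /var/www/html -d tgdn.nl -d www.tgdn.nl "
          "-w /var/www/html/erfgoed -d enkes-voorburg.nl -d www.enkes-voordburg.nl")

def webroot_map(command):
    """Pair each -d name with the most recent -w path, as the webroot plugin does."""
    mapping, webroot = {}, None
    args = shlex.split(command)
    for flag, value in zip(args, args[1:]):
        if flag in ("-w", "--webroot-path"):
            webroot = value
        elif flag in ("-d", "--domain", "--domains"):
            for name in value.split(","):
                mapping[name.strip().lower()] = webroot
    return mapping

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base(name):
    """Strip a leading www. label so apex and www forms compare equal."""
    return name[4:] if name.startswith("www.") else name

def near_misses(names, max_distance=2):
    """Return (name, name, distance) for names whose bases differ only slightly."""
    hits = []
    for a, b in combinations(sorted(names), 2):
        d = edit_distance(base(a), base(b))
        if 0 < d <= max_distance:
            hits.append((a, b, d))
    return hits

if __name__ == "__main__":
    names = webroot_map(POSTED)
    for name, root in names.items():
        print(f"{name:28} -> {root}")
    for a, b, d in near_misses(names):
        print(f"check spelling: {a!r} vs {b!r} differ by {d} character(s)")
```

On the command as posted it reports enkes-voorburg.nl and www.enkes-voordburg.nl as one character apart. Adding certbot's --dry-run option sends the same request to the staging environment instead of the production one.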