Creating certificate - Return code: 403 Details: Invalid response

I created a subdomain on my hosting.
I have created a CNAME record.
Now I am trying to create a Let’s Encrypt certificate in ISP Manager, but issuing it fails with these errors:
RETURN CODE: 403
Details: Invalid Response from https://mv.moscow-battle.ru
RETURN CODE: 429
Details: Error Creating New Order :: Too Many Failed Authorizations Recently
My hoster replied that:
You use CloudFlare and they hide our IP, so the module cannot check; the journal says just that.
If you have a certificate problem, contact CloudFlare to clarify.

You may temporarily unproxy the subdomain, wait until the Let’s Encrypt validation is complete and SSL cert has been installed, then enable proxy again.

Like this?

Correct.

Does time need to pass?
Because it still continues to give errors now

Return code: 400

Details: DNS problem: NXDOMAIN looking up A for www.adminer.moscow-battle.ru - check that a DNS record exists for this domain

Return code: 429

Details: Error creating new order :: too many failed authorizations recently

After the errors it wrote:

Could not receive a certificate within 24 hours. Repeated attempts will not be done

@MoreHelp

Where are you seeing the error that you mentioned on your ticket and post?


This domain www.adminer.moscow-battle.ru is different from this one adminer.moscow-battle.ru from here:

Also the www.adminer.moscow-battle.ru is a second level subdomain which actually is not getting covered by normal SSL Certificates. If you tried this multiple times you will encounter this error

as you have tried to issue an SSL Certificate too often on a non-existing domain, which then blocks (for one day or so) the issuing for your whole APEX-Domain.

So please next time (when it works again) do not issue an SSL Cert for:
www.adminer.moscow-battle.ru
but for:
adminer.moscow-battle.ru

About the domain

This domain is just using CloudFlare as DNS Only and not as Proxy, therefore CloudFlare does not hide your IP on this Subdomain, so very poor reply from your Hoster, but tbh it's not your hoster's fault anyway.

When I call your site the origin Server replies with a self-signed Certificate and not any publicly valid one.


Here (ISP Manager → Logs Let’s Encrypt)

Ok, I deleted www … from the domain settings, like alias

mv.moscow-battle.ru
This is created as an alias for adminer.moscow-battle.ru

In general, I understood everything, but how can I solve the problem now?

The log clearly says:

(sorry, my Russian isn't the best and I have not practiced it for a long time)
AFAIK не удалось получить сертификат в течение 24 часы
It stands for: the certificate could not be issued within 24 hours. But actually that is more likely referring to the “5 Certs per week limit” like described here:

But on the other hand the error which was added to the right bottom corner of your Screenshot:

“NXDOMAIN looking up A for [...?]” would be more interesting, as it ATM does not show on which URL the error actually is happening.
It seems to be the same error like here:

And therefore I think it still refers to www.adminer.moscow-battle.ru and not to adminer.moscow-battle.ru.

The solution would be:
try to issue an SSL Cert AFTER the grace period has passed for the domain adminer.moscow-battle.ru and if you get asked if you additionally want to secure the www-edition of this Domain please select no, or unselect it, as the second level subdomain www.adminer. does not exist.

After this the issuing process should actually pass and you will be able to use this domain.
But please keep in mind, that this is no CloudFlare error as CloudFlare is not limiting you in creating this second level subdomain.

Just remembered this one:

So if you previously have had your Entry set to :orange: AND you had “SBFM” activated this could be the reason as well.
Then I would recommend disabling “SBFM” and also not turning it on again until things are fixed.

Is that what is meant this time?

Yes, it seems like you are allowed to issue an SSL Cert from Let's Encrypt 50 times a week for the same APEX-Domain.

I just had a read here:

And it seems the limit is at 50 times, not at 5 times. But anyway it seems you have already reached the limit and therefore you must wait.

Just try again every day until it works.

If you don't want to wait you can also just install the origin SSL Certificate CloudFlare offers to you for free. But for this one you must turn on proxy :orange: on the domain you want to use it on.

Ok, what should I do: try creating a new Let’s Encrypt certificate?
How do I remove the one that was unsuccessful (with www)?

This will not work until you have sorted out the error or let the grace period pass.

To learn how to set up CloudFlare's origin SSL Certificate, you will find the documentation here:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

Also if you want to fix that error we actually have to differentiate between these two errors:

403 (forbidden)
and
429 (rate limit)

I am very sorry, but still I do not understand what to do? Just wait?
If so, what to do then?

Hm I just described it. You do have different options:

  1. Change to a different SSL Cert provider (like CloudFlare) and the problem would be solved immediately
  2. fix the problem and try again AFTER the grace period passed.
    2.1 to fix the problem you will need to ask (first search!) in the Let's Encrypt Community for Error 403 and therefore fix the core problem because otherwise you will again run into the rate limit.
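
The failure discussed in this thread, a name on the order that does not exist in DNS (www.adminer.moscow-battle.ru) using up failed authorizations until the 429 limit is hit, can be caught before the order is submitted. The following is an added example, not part of any post in the thread and not ISP Manager code; the function names, the injectable resolver and the 203.0.113.10 address are assumptions constructed for illustration.

```python
import socket

# Constructed sample zone (documentation-range IP, not the real records):
# the bare subdomain exists, its www. alias does not.
CONSTRUCTED_ZONE = {"adminer.moscow-battle.ru": {"203.0.113.10"}}


def constructed_resolver(name):
    """Offline stand-in for DNS, backed by CONSTRUCTED_ZONE."""
    return CONSTRUCTED_ZONE.get(name, set())


def system_resolver(name):
    """Resolve A/AAAA through the OS; an empty set means the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(names, resolver=system_resolver, server_ips=()):
    """Return (orderable, problems) for the names about to go on a certificate order.

    Every name that fails validation counts as a failed authorization, so a
    name with a problem should be fixed or dropped before the ACME client runs.
    """
    orderable, problems = [], {}
    cleaned = (n.strip().lower().rstrip(".") for n in names)
    for name in dict.fromkeys(n for n in cleaned if n):  # de-duplicate, keep order
        addrs = set(resolver(name))
        if not addrs:
            problems[name] = "does not resolve: create the record or drop the name"
        elif server_ips and not addrs & set(server_ips):
            shown = ", ".join(sorted(addrs))
            problems[name] = f"resolves to {shown}, not to this server"
        else:
            orderable.append(name)
    return orderable, problems


if __name__ == "__main__":
    requested = ["adminer.moscow-battle.ru", "www.adminer.moscow-battle.ru"]
    ok, bad = preflight(requested, constructed_resolver, server_ips=["203.0.113.10"])
    print("order:", ok)
    for name, why in bad.items():
        print("skip :", name, "-", why)
```

On the server itself, call `preflight` with the default `system_resolver` and the server's public address in `server_ips`; a name flagged as resolving elsewhere is the case the hoster described, where the record points at a proxy rather than at the origin.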