At line 5 changed one line |
__⚠️ Proxy Configuration:__ f your server accesses the internet through a proxy, ensure that the following Let’s Encrypt domains are whitelisted to allow successful certificate issuance and renewal:\\ |
__⚠️ Proxy Configuration:__ if your server accesses the internet through a proxy, ensure that the following Let’s Encrypt domains are whitelisted to allow successful certificate issuance and renewal:\\ |
At line 28 changed 2 lines |
• http-01 -> This is an HTTP-based challenge and requires CrushFTP to have an HTTP Server item accessible externally on port 80. Make sure HTTPS redirect is disabled. (ACME v1 only supports HTTP-based challenges.)\\ |
• tls_alpn -> (Only works with Java 11 or higher) This is a TLS-based challenge and requires CrushFTP to have an HTTPS Server item accessible externally on port 443.\\ |
• http-01 -> This is an HTTP-based challenge and requires CrushFTP to have an HTTP Server item accessible __externally__ on port __80__.\\ |
• tls_alpn -> (Only works with Java 11 or higher) This is a TLS-based challenge and requires CrushFTP to have an HTTPS Server item accessible __externally__ on port __443__.\\ |
__⚠️ Note:__ Let’s Encrypt only validates __domain ownership__ via ports __80 (for HTTP-01 challenge)__ or __443 (for TLS-ALPN-01 challenge)__. Other ports (such as 444 or 8080) will not work for certificate issuance.\\ |
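Review bot: The new http-01 bullet drops "Make sure HTTPS redirect is disabled." without saying whether the requirement has gone away. If a redirecting HTTP Server item on port 80 still breaks the challenge, keep that sentence in the bullet. In the added note, the bold on __domain ownership__ reads as a limit on what is validated rather than on which ports are used, so bold only the port numbers. The bullets say tls_alpn while the note says TLS-ALPN-01; use one name, or state that the tls_alpn option is the TLS-ALPN-01 challenge.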
At line 37 changed one line |
example.com,www.example.com,ftp.example.com |
example.com,ftp.example.com |
At line 52 removed 2 lines |
Once all fields are completed, click Submit. The keystore will be created at the specified path.\\ |
\\ |
At line 58 added 2 lines |
Once all fields are completed, click the __Test__ button to validate your configuration. If the test is successful, click __Submit__ to generate the keystore at the specified location.\\ |
\\ |
At line 67 changed one line |
__Submit Button:__ Issues a new certificate or initiates a renewal based on the current configuration.\\ |
__Submit Button:__ Issues a new certificate or initiates a renewal based on the current configuration. ⚠️ Use this only after the __Test button__ has confirmed a successful setup.\\ |
At line 89 changed one line |
__⚠️ Note:__ Let’s Encrypt only validates on ports __80__ or __443__, depending on the challenge type selected. Other ports (e.g., 444, 8080) will not work for certificate issuance.\\ |
__⚠️ Note:__ Let’s Encrypt only validates domain ownership via ports __80__ or __443__, depending on the challenge type selected. Other ports (e.g., 444, 8080) will not work for certificate issuance.\\ |
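Review bot: This note now duplicates the one added after the challenge-type list in the "At line 28" change, with different wording: that one names the HTTP-01 and TLS-ALPN-01 challenge for each port, this one says "depending on the challenge type selected". Use the same wording in both places, or keep the note once and point to it from this section.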
At line 91 changed one line |
__3.)__ Re-enter the Keystore Password and Key Password, and test again.\\ |
__3.)__Use test mode first: Always click the Test button before making a real certificate request. This validates your configuration and helps avoid hitting Let’s Encrypt rate limits during setup.\\ |
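Review bot: Step 3 overwrites the troubleshooting step "Re-enter the Keystore Password and Key Password, and test again." rather than adding to it. If that step still applies, keep it and give the Test advice its own number. `__3.)__Use` is missing the space after the closing bold marker. The sentence should also say what the Test button contacts: the limits added further down count failed validation attempts per hour, so the page needs to state whether a failed Test counts against them.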
At line 94 added 51 lines |
__4.)__ Check the main CrushFTP.log for errors, especially rate limit issues. Look for entries such as __LetsEncrypt:Challenge result__ that may include error details.\\ |
\\ |
__Common Let’s Encrypt rate limit error types__:\\ |
{{{ |
SERVER|LetsEncrypt:Challenge result: { |
"type": "tls-alpn-01", |
"status": "invalid", |
"error": { |
"type": "urn:ietf:params:acme:error:rateLimited", |
"detail": "Error creating new order :: too many certificates already issued for exact set of domains: example.com,www.example.com: see https://letsencrypt.org/docs/rate-limits/", |
"status": 429 |
} |
} |
}}}\\ |
{{{ |
SERVER|LetsEncrypt:Challenge result: { |
"type": "tls-alpn-01", |
"status": "invalid", |
"error": { |
"type": "urn:ietf:params:acme:error:rateLimited", |
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", |
"status": 429 |
} |
} |
}}}\\ |
{{{ |
SERVER|LetsEncrypt:Challenge result: { |
"type": "tls-alpn-01", |
"status": "invalid", |
"error": { |
"type": "urn:ietf:params:acme:error:rateLimited", |
"detail": "Error creating new account :: too many registrations for this IP :: see https://letsencrypt.org/docs/rate-limits/", |
"status": 429 |
} |
} |
}}}\\ |
Let’s Encrypt enforces strict rate limits to prevent abuse. If your request fails, check the logs for messages indicating you’ve hit a rate limit.\\ |
Below are common limits and their reset windows:\\ |
-__Duplicate Certificate Limit__:\\ |
• Limit: 5 identical certificates per domain per week\\ |
• Reset: 7 days after the first certificate issuance\\ |
-__Certificates per Registered Domain__:\\ |
• Limit: 50 new certificates per week for the same base domain (e.g., example.com)\\ |
• Reset: 7 days\\ |
-__Failed Validation Attempts__\\ |
• Limit: 5 failed validation attempts per account, per hostname, per hour\\ |
• Reset: After 1 hour\\ |
-__Account Creation Limit__:\\ |
• Limit: 10 new accounts per IP address every 3 hours\\ |
• Reset: After 3 hours\\ |
\\ |
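Review bot: The three log samples and the four limits are never tied together, so a reader has to guess which "detail" string means which limit. Label each sample with the limit it corresponds to ("too many certificates already issued for exact set of domains", "too many failed authorizations recently", "too many registrations for this IP") and say that no sample is shown for Certificates per Registered Domain. "5 identical certificates per domain per week" does not match the sample text, which says "exact set of domains"; word the limit as applying to the same set of hostnames. The first sample lists example.com,www.example.com, while the domain example changed earlier in this revision is now example.com,ftp.example.com; align them. The limit headings start with a bare "-" directly against the bold marker, and "Failed Validation Attempts" lacks the trailing colon the other three have. Since the numbers are copied from Let's Encrypt, link the rate-limits URL that already appears in the samples so readers can check current values.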