Error 500 when renewing certificate in section.io API

,

Hello Support Team,

When I try to renewcertificate from Domain api then it gives me 500 status code.

This was question from a user who was using section.io’s Swagger API to renew or provision a Let’s Encrypt SSL certificate.

There are several reasons you will see 500 errors. Here are a couple of common ones.

  1. DNS not point at us or has not propagated.
    For SSL provisioning to work, the CA(certificate authority) will perform a verification on that domain.
    If you have not pointed the DNS for that domain at our platform, the verification fails. Similarly, if you have pointed the DNS record at us, depending on the previous TTL of the DNS record, it may take some time to propagate the DNS change. You may need to try to hit the API a few times, waiting a few minute before each try.

We always recommend reducing the TTL for your DNS record to some thing low(300seconds) a day or so before go-live. This way it only takes a short amount of time for DNS propagation and then SSL to provision.

  1. Weekly limit exceeded
    Let’s Encrypt has a limit of 20 SSLs issued per domain. So if you were to provision many sub domains, you may encounter this limit.
    e.g. www.example.com, image1.example.com, image2.example.com are all sub domains of example.com
    And if you were to provision 20 SSL certificates for example.com and its sub domains in less than 7 days, you will hit the 20/week limit and be returned a 500 error.

This 7 day limit is a sliding window. So if you had provisioned 5 certificates on day 1 and 15 certificates on day 7, then on day 8 you will have 5 available certificate provisions.