This guide details resource exhaustion errors that can occur when managing and visiting a website.

Preamble

• Resource limits are in place to maintain the integrity, stability, and performance of the shared server, while ensuring a fair experience for all users.
• If a website or application requires significantly higher resources, it may be necessary to switch to a Serveur Cloud or another type of virtual hosting where resources are allocated more flexibly.

Error origins

Fatal error: Maximum execution time of 30 seconds exceeded

This error occurs when the server sets a time limit for script execution, usually to avoid tasks that take too long. For example, if a script attempts to resize many large images in a single operation, it may exceed the allowed execution time limit. The server imposes this limit to ensure a quick response to user requests. The path often mentioned in the error can indicate a more precise origin (for example Fatal error: Maximum execution time of 30 seconds exceeded in /home/www/1234567abc/web/wp-includes/media.php on line 123)

memory limit exceeded

This error occurs when the script or application uses more memory than allocated. This can happen when a script processes a large volume of data or when there is a memory leak. For example, an image management script may consume more memory than allowed, resulting in this error.

Resolution paths

Some ways to resolve these errors:

• Check the scripts that make multiple connections to the server to display data.
• Optimize the script(s) in question so that they require fewer resources.
• Increase the limits of the concerned site to allow the script to complete its tasks and/or limit the number of simultaneous connections (especially on a Serveur Cloud where the limits (RAM, execution time, simultaneous connections) can be significantly increased).
• Migrate your hosting to Serveur Cloud.

Also, refer to this other guide.

This guide explains how to resolve an installation issue with a Let's Encrypt certificate if you are using Cloudflare with strict security rules – especially those that filter by country or IP address.

Adjust the SSL / geoblocking settings

When you protect a website with Cloudflare and want to obtain a free Let's Encrypt SSL certificate from Infomaniak at the same time, there may be technical conflicts. These issues often arise from how Cloudflare handles security and network connections.

Let's Encrypt needs to verify that you are the owner of the domain name for which you are requesting a certificate. To do this, it sends what is called a "challenge": a specific HTTP request to your site, at an address of the type http://domain.xyz/.well-known/acme-challenge/.... If this verification fails, the certificate cannot be issued or renewed.

The issue is that some protections enabled on Cloudflare can block these verifications:

• Security rules (WAF), for example if you block certain regions of the world (like the United States or Switzerland).
• Custom rules, such as IP filtering.
• Geoblocking, which prevents certain countries from accessing your site.

However, Let's Encrypt no longer verifies from a single location. For some time now (and even more so since March 2024), it performs its verifications from several countries at the same time – including new ones like Sweden or Singapore. Result: if one of these countries is blocked by your Cloudflare settings, the certificate request may fail, even if everything else is correctly configured.

Worse still: even if you try to make an exception solely for the challenge address (.well-known/acme-challenge), this does not necessarily work with certain Cloudflare rules. Indeed, country or IP blocking rules are applied before any URL path-based exception.

Adjust the SSL/TLS mode in Cloudflare

Cloudflare offers different levels of SSL encryption. If you are having trouble with the Let's Encrypt certificate, switch to "Full" or "Full (strict)" mode instead of "Strict only". These modes allow you to use a self-signed or temporarily expired certificate while waiting for the real certificate to be renewed.

Using custom rules (advanced users)

It is recommended not to use "IP Access Rules" that cannot be overridden, but to set up "Custom rules" with geoip or any other desired rule, and especially to allow the path "/.well-known/acme-challenge/" without access restrictions so that the Let's Encrypt challenges can pass despite the restrictions in place.

Temporarily disable geographic blocking

If you block access to your site from certain countries (for example, to avoid attacks), consider temporarily lifting this restriction while Let's Encrypt performs its verification. Once the certificate is issued or renewed, you can reactivate the protections.