AcmeRateLimitExceededException


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ovm641.dynatrace-managed.com

I ran this command:
I’m trying to renew certificate via acme4j client

It produced this output:
Caused by: org.shredzone.acme4j.exception.AcmeRateLimitExceededException: Error creating new cert :: too many certificates already issued for exact set of domains: ovm641.dynatrace-managed.com: see https://letsencrypt.org/docs/rate-limits/

This was probably caused by my fault in client implementation. I’ve fixed the issue now. Can you please reset the limit so I can renew the certificate?


#2

Hi,

Sorry but this is not possible…

You must wait until the limit expired.

(However, you can bypass this issue by adding a new SAN into this cert)

Thank you


#3

The certificate has been renewed dozens of times – as many times as possible – starting February 19. Do you have any of the other certificates, or at least their private keys?

https://crt.sh/?q=ovm641.dynatrace-managed.com


#4

I have 2 questions then:

  1. Do you know when the limit expires?
  2. Do all requests that currently fail still count?

#5

This is described at

The answer to your second question is no; those are covered by a separate rate limit that expires after one hour.


#6

There are multiple limits that can be hit. The limit for exact set of domains is five per seven days. There’s also a limit of twenty per registered domain per seven days. Failed attempts do not count against this, but they do count against the limit of five failures per hostname per hour.


#7

I have rerun the request to get the certificate and I still hit the limit:

Error creating new cert :: too many certificates already issued for exact set of domains

I think there were no requests made for couple of days.

Do you have an information what limit that that domain reaches and when it expires?


#8

The last 5 duplicate certificates were issued in the afternoon of March 28. You have to wait 1 week from that time to get more duplicates.

https://crt.sh/?q=ovm641.dynatrace-managed.com


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.