All renewal attempts failed. The following certs could not be renewed:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.absolutelycustom.com

I ran this command: certbot renew --cert-name www.absolutelycustom.com

It produced this output: Attempting to renew cert (www.absolutelycustom.com) from /etc/letsencrypt/renewal/www.absolutelycustom.com.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: www.absolutelycustom.com: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.AbsolutelyCustom.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.AbsolutelyCustom.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 14

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

It seems you've already managed to get 5 certificates for that hostname already! Why not use any of them?

openssl x509 -text -noout -in fullchain1.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:ab:6e:25:1a:ee:84:01:84:a0:33:c6:e8:87:6f:ba:84:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
Validity
Not Before: Sep 20 13:04:53 2019 GMT
Not After : Dec 19 13:04:53 2019 GMT
Subject: CN = www.absolutelycustom.com

here is the result of currently installed cert, located on /etc/letsencrypt/archive/www.absolutelycustom.com

What about fullchain2.pem?

What does “sudo certbot certificates” show?

sudo certbot certificates result:

Certificate Name: www.AbsolutelyCustom.com
Domains: www.absolutelycustom.com
Expiry Date: 2019-12-19 13:04:53+00:00 (INVALID: REVOKED)
Certificate Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/privkey.pem
Certificate Name: www.AbsolutelyCustom.com.conf
Domains: www.absolutelycustom.com
Expiry Date: 2019-12-19 13:04:53+00:00 (INVALID: REVOKED)
Certificate Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/privkey.pem
Certificate Name: www.absolutelycustom.com
Domains: www.absolutelycustom.com
Expiry Date: 2019-12-19 13:04:53+00:00 (INVALID: REVOKED)
Certificate Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.AbsolutelyCustom.com/privkey.pem

What about fullchain2.pem?
there is no fullchain2.pem for www.absolutelycustom.com domain.

Hi @shahidashraf78

why are these certificates revoked?

If the private key isn't stolen, it's not required and not helpful if you revoke certificates.

Then you have to wait.

I don’t know how these certs revoked. how much have to wait?
is there any possibility to re-issue cert.?

Please read the basics:

is there any way to reset rate limit ?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.