My domain is:
*.ikip.dev
I ran this command:
kubectl apply -f ./manifests/cert-manager/03-cert-manager-ikip-dev-cert.yaml
It produced this output:
Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *.ikip.dev:
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
It was deployed using terraform and kubectl
My hosting provider, if applicable, is:
Azure Kubernetes Services
I can login to a root shell on my machine (yes or no, or I don't know):
I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
not known
Initially, we tried to get the certificate issued by production server. However, hit the limit mentioned above.
Q1: Is there any way to know how much time left for this limitation to be lifted off?
As the above process didn't work, we have issued the certificate using ACME staging server. However, staging cert is not valid for any browser.
Q2: Is there any way I can modify the browser configuration so that I can visit the application?
In moving forward, we want to use this wildcard cert issued by ACME production server.
Q3: Shall we be facing any issues if we try to re-issue the *.ikip.dev using the ACME production server?
That's to be expected. The staging environment is meant to be the primary testing ACME endpoint. It's not some kind of backup environment for when you messed things up on the production environment. Only after everything seems to be working properly on the staging environment, with regard to certificate issuance, you should switch to the production environment.
In your situation, you've hogged the production server too many times, so you're rate limited. This is due to the unnecessary wasting too much resources from Let's Encrypt for no good reason.
Please use one of the previously issued 5 (!!!) perfectly fine production certificates.
Thanks very much once again for the confirmation. I shall re-deploy the certs using the production ACME as soon as the restriction is lifted.
In the meanwhile, trying to understand the limitation of this following error: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *.ikip.dev
Q6: When we use the manifest file to define the cert to renew, will this following be taken as one certificate creation or many?
It's quite literal. It's complaining because you issued duplicate certificates. Don't issue certificates with the same domain names as a valid one you already have.
This depends on your acme client, but *.example.com is actually a single SAN. One certificate is enough.
Thanks. We need just only one wildcard cert to cover the hostnames. Does this mean we shall be able re-order a production ACME cert on the 27th of instant?