Blocked from creating certs

Hey everyone, I have been trying to create a certificate for a webserver with a domain that I just purchased. I have had to reformat the webserver multiple times, however I believe I have all the kinks ironed out now and it is good to go, but I can't get a cert on it anymore. Let's Encrypt is giving me an error saying that I need to wait until end of day tomorrow now. Is there any way that I can have that released?

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

My domain is: energytrust.site

I ran this command: letsencrypt

It produced this output: too many certificates, can't create one until latter day August 10th

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Debian 12

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Please elaborate... there hasn't been a client by that name in at least six years.

Too many identical or too many for this domain?

If this is the issue, it's clear you got too many certificates already and should use one of those.

See what you have by running certbot certificates (see above: are you even using certbot?)

4 Likes

And this is why we prefer to have the exact error message copy/pasted instead of reworded by a human.

4 Likes

Yeah, we will need more details to give specific advice. They have tried several variations

5 Likes

But in any case, even without more info we can simply refer to the rate limit documentation:

2 Likes

My domain is: energytrust.site

I ran this command: certbot certonly --manual --preferred-challenges=dns --email admin@energytrust.site --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.energytrust.site' -d 'energytrust.site'

It produced this output: acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *.energytrust.site,energytrust.site, retry after 2023-08-10T16:08:09Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

My web server is (include version): apache2

The operating system my web server runs on is (include version): debian 12

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Can I revoke those other ones?

So it's "too many identical"

Run certbot certificates and show us what you see.

That will solve nothing.

4 Likes

No certificates found.


Yeah, so that's the duplicate rate limit of 5 per week indeed.

Please use the staging environment for testing and NEVER throw out perfectly fine production certificates when "reformatting the webserver" due to "ironing out some kinks".

Sorry to say, but simply put this is a simple case of "you reap what you sow" a.k.a. not reading the documentation.

Sure, but it wouldn't help you in any way. Please read the rate limit documentation.

3 Likes

So, where are the certificates you issued this last seven days?

3 Likes

They got yeeted.

How can I revoke the previous certs?

You can "cheat" a bit by replacing your "*.domain.com" wildcard with "www.domain.com" and whatever other subdomains you actually need. The rate limit only applies to certificates with the exact same set of domains. Then after the rate limit expires, you can move back to the wildcard subdomain.

(Be more careful in the future though)

4 Likes

This is the first time I hear this word.

You can revoke those certificates, but it will not allow you to issue new ones. The limit isn't on "active certificates" -- it's on "issued certificates"!

5 Likes
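An added example, not part of any post in this thread and not Let's Encrypt's own code: a simplified sliding-window model of the duplicate-certificate limit quoted in the error above (5 certificates per exact set of names per 168 hours). It shows why the wildcard order is refused, why a different name set is accepted, and why revoking changes nothing. The issuance history, the `revoked` flags, the current time and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LIMIT = 5                      # "too many certificates (5)"
WINDOW = timedelta(hours=168)  # "in the last 168 hours"


def utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def name_set(names):
    """Order- and case-insensitive key for the 'exact set of domains'."""
    return frozenset(n.strip().lower() for n in names)


def check_order(issued, names, now):
    """Return (allowed, retry_after) for a new order for `names`.

    `issued` holds (issued_at, names, revoked) tuples. The revoked flag is
    ignored on purpose: the limit counts issuance, not active certificates.
    """
    key = name_set(names)
    recent = sorted(t for t, n, _revoked in issued
                    if name_set(n) == key and now - t < WINDOW)
    if len(recent) < LIMIT:
        return True, None
    # A slot frees up once the LIMIT-th most recent issuance leaves the window.
    return False, recent[-LIMIT] + WINDOW


# Constructed issuance history (not real log data); two entries marked revoked.
WILDCARD = ["*.energytrust.site", "energytrust.site"]
ISSUED = [
    (utc("2023-08-03T16:08:09Z"), WILDCARD, True),
    (utc("2023-08-04T10:00:00Z"), WILDCARD, True),
    (utc("2023-08-05T10:00:00Z"), WILDCARD, False),
    (utc("2023-08-06T10:00:00Z"), WILDCARD, False),
    (utc("2023-08-07T10:00:00Z"), WILDCARD, False),
]
NOW = utc("2023-08-09T12:00:00Z")  # constructed "current time"

if __name__ == "__main__":
    for names in (WILDCARD, ["www.energytrust.site", "energytrust.site"]):
        allowed, retry = check_order(ISSUED, names, NOW)
        print(sorted(names), "allowed" if allowed else f"blocked until {retry:%Y-%m-%dT%H:%M:%SZ}")
```

The first timestamp was chosen so that the computed retry time matches the one in the posted error message; testing against the staging environment avoids consuming this quota at all.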

Kinda a meme way of saying nuked or thrown out. Gone.

Please see:

But note that revoking does not do anything on the rate limit you're experiencing (as mentioned on the rate limit documentation page linked earlier above), so I'm puzzled why you'd want to revoke the previous certs.

2 Likes

if you're certain that all copies of the private keys for the earlier certificates have actually been yeeted, there's zero benefit to revoking them

deletion of private keys is probably more secure than revocation since revocation checking is unreliable.

a deleted certificate can never be stolen or used against you

revocation is useful if you think the private keys may have been compromised, or if you're transferring a domain to someone and you want to prove you're not hanging on to old certificates

3 Likes