Can not issue certificate: too many certificates already issued for


#1

Hello, we successfully using Let’s Encrypt for a while. But this week we can not create new certificates for one of our new installaiton. kube-lego (let’s encrypt app for Kuberntes) fails with error below.

I’ve checked certificates in https://crt.sh/?q=%.gigantic.io and looks like we have only 7 NEW for last 7 days. Everything else are just renewals. So i think we are not hitting 20 certs per week limit.

Can you advise?

My domain is: gigantic.io

I ran this command: We use kube-lego to manage certificates.

It produced this output:

time="2018-05-18T06:03:35Z" level=error msg="Error while processing certificate requests: error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/, error getting certificate: 429 urn:acme:error:rateLimited: Error creating new cert :: too many certificates already issued for: gigantic.io: see https://letsencrypt.org/docs/rate-limits/" context=kubelego

My web server is (include version): ingress-nginx 0.12.0

The operating system my web server runs on is (include version): CoreOS

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

You definitely have 20 certificates issued in the last 7 days.

You should be able to issue a new one in ~37 hours from now.

I had read that kube-lego had a buggy version that would cause rate limit exhaustion. Are you on a recent version?


#3

Renewals currently count towards the 20 certificate per week limit. You can continue to renew certificates after reaching the limit, but renewing certificates will count and prevent you from issuing new certificates.

Let’s Encrypt’s long term plan is to improve this, but it hasn’t been possible yet.


#4

Renewals currently count towards the 20 certificate per week limit. You can continue to renew certificates after reaching the limit, but renewing certificates will count and prevent you from issuing new certificates.

Looks like a reason. Thanks for sharing. We probably will go with rate limit increase as we have many installations, so sooner there will be more than 20 renewals.

This issue can be closed.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.