Cancellling all cert requests

I have sent too many cert creation requests unknowingly, i would like to cancel everything so that i can get a fresh one for my domain.

You could perhaps try something like letsdebug-toolkit (if you're indeed faced with the "too many currently pending authorizations" error).

4 Likes

On the other hand, if you're faced with "too many certificates already issued for this set of domains", see duplicate certificate limit.

3 Likes

I will check this out. Thank you so much

1 Like

I am actually not getting too many certs, rather i get this

"cert-manager/certificates-trigger: Backing off from issuance due to previously failed issuance(s). Issuance will next be attempted at 2023-06-07 07:08:12.0000008 +0000 UTC m=+7404.715051834" key="apps/letsencrypt"
E0607 06:08:12.702032 1 sync.go:73] "cert-manager/orders: failed to update status" resource_name="letsencrypt-6z7pw-3862206835" resource_namespace="apps" resource_kind="Order" resource_version="v1"
I0607 06:08:12.702067 1 controller.go:162] "cert-manager/orders: re-queuing item due to optimistic locking on resource" key="apps/letsencrypt-6z7pw-3862206835" error="Operation cannot be fulfilled on orders.acme.cert-manager.io "letsencrypt-6z7pw-3862206835": the object has been modified; please apply your changes to the latest version and try again"

After an hour it just fails. So i am reordering certs which is throwing same set of errors again and again. Although i verified that the configurations are latest only.

Also the k8s secrets which was created for letsencrypt get vanished after couple of mins.

Can you find other, earlier logs that refer to those failed issuances, and indicate a more specific reason for them?

4 Likes

I am actually doing a fresh installation of cert-manager and trying it again. I dont have any earlier logs

It is important to ensure that the files that Certbot itself creates are persistent, not ephemeral, otherwise you're almost sure to hit the duplicate certificate rate limit if you have containers being created and destroyed regularly. That specific rate limit will not expire/time out for 7 days.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.