Cannot Renew due to `too many certificates for the exact...`


#1

About a week ago (the 2nd) I noticed that the cron job certbot had setup wasn’t doing it’s job because I received an email stating my certificates were about to expire. I ran sudo certbot -q renew to do it manually and got the error error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:

Not a big deal. My website is only used by myself and my wife, we can deal for a week. So I go and kill the crontab that certbot had created because that job had been renewing my certificates twice a day and a search on crt.sh seemed to show as much.

Today I thought I’d give it a go again and attempted to renew my certificates, only to get the exact same issue. I checked crt.sh and to my surprise I’m still getting daily certificate renewals. It appears that they stopped on the 2nd, when I killed that cron job, but have started up again as of the 6th. I have no clue where these requests are coming from. I’ve checked the only two accounts that might have had crontabs setup for this (only accounts with privileges for it).

There is a single cron job on my machine and it is not a certbot command or script. The logs proved fruitless as well. I’m sort of thinking that this isn’t even coming from my machine. Might consider shutting it down for a day or two and watch to see if the certificates still come in. Any other ideas? I’m getting a new certificate with a different set of domains so I can get my server secured again, but it would be nice to fix this regardless.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 16

My hosting provider, if applicable, is: Digital Oceans

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi @pard68,

If they are coming from Certbot on your machine, you would probably have logs in /var/log/letsencrypt documenting that. So that might be good to check as a first step.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.