CertBot Error, Too many certificates already issued

Hello @pfg

here we go (I currently have two machines running certbot):

On Machine #1

ls -lart /etc/letsencrypt/live/gitlab.typoworx.de/
insgesamt 24
drwxrwx--- 3 root root 4096 Aug 24 11:28 ..
lrwxrwxrwx 1 root root 45 Okt 31 12:30 privkey.pem -> ../../archive/gitlab.typoworx.de/privkey2.pem
lrwxrwxrwx 1 root root 47 Okt 31 12:30 fullchain.pem -> ../../archive/gitlab.typoworx.de/fullchain2.pem
lrwxrwxrwx 1 root root 43 Okt 31 12:30 chain.pem -> ../../archive/gitlab.typoworx.de/chain2.pem
lrwxrwxrwx 1 root root 42 Okt 31 12:30 cert.pem -> ../../archive/gitlab.typoworx.de/cert2.pem
-rw-r--r-- 1 root root 5156 Dez 1 11:13 combined.pem~
drwxrwx--- 2 root root 4096 Dez 1 11:13 .
-rw-r--r-- 1 root root 6961 Dez 1 11:15 combined.pem

ls -lart /etc/letsencrypt/archive/gitlab.typoworx.de/
insgesamt 40
drwxrwx--- 3 root root 4096 Aug 24 11:28 ..
-rwxrwx--- 1 root root 1704 Aug 24 11:28 privkey1.pem
-rwxrwx--- 1 root root 3452 Aug 24 11:28 fullchain1.pem
-rwxrwx--- 1 root root 1647 Aug 24 11:28 chain1.pem
-rwxrwx--- 1 root root 1805 Aug 24 11:28 cert1.pem
-rw-r--r-- 1 root root 1704 Okt 31 12:30 privkey2.pem
-rw-r--r-- 1 root root 3452 Okt 31 12:30 fullchain2.pem
-rw-r--r-- 1 root root 1647 Okt 31 12:30 chain2.pem
-rw-r--r-- 1 root root 1805 Okt 31 12:30 cert2.pem
drwxrwx--- 2 root root 4096 Okt 31 12:30 .

On Machine #2

ls -lart /etc/letsencrypt/live/gitlab.typoworx.de/
total 8
drwx------ 16 root root 4096 Aug 8 2016 ..
lrwxrwxrwx 1 root root 47 Feb 10 07:48 privkey.pem -> ../../archive/gitlab.typoworx.de/privkey150.pem
lrwxrwxrwx 1 root root 49 Feb 10 07:48 fullchain.pem -> ../../archive/gitlab.typoworx.de/fullchain150.pem
lrwxrwxrwx 1 root root 45 Feb 10 07:48 chain.pem -> ../../archive/gitlab.typoworx.de/chain150.pem
lrwxrwxrwx 1 root root 44 Feb 10 07:48 cert.pem -> ../../archive/gitlab.typoworx.de/cert150.pem
drwxr-xr-x 2 root root 4096 Feb 10 07:48 .

ls -lart /etc/letsencrypt/archive/gitlab.typoworx.de/
total 2428
[...] a lot of files more!!!
-rw-r--r-- 1 root root 1647 Jan 30 07:38 chain141.pem
-rw-r--r-- 1 root root 1805 Jan 30 07:38 cert141.pem
-rw-r--r-- 1 root root 1708 Jan 31 07:59 privkey142.pem
-rw-r--r-- 1 root root 3452 Jan 31 07:59 fullchain142.pem
-rw-r--r-- 1 root root 1647 Jan 31 07:59 chain142.pem
-rw-r--r-- 1 root root 1805 Jan 31 07:59 cert142.pem
-rw-r--r-- 1 root root 1704 Feb 2 08:01 privkey143.pem
-rw-r--r-- 1 root root 3452 Feb 2 08:01 fullchain143.pem
-rw-r--r-- 1 root root 1647 Feb 2 08:01 chain143.pem
-rw-r--r-- 1 root root 1805 Feb 2 08:01 cert143.pem
-rw-r--r-- 1 root root 1708 Feb 3 08:06 privkey144.pem
-rw-r--r-- 1 root root 3452 Feb 3 08:06 fullchain144.pem
-rw-r--r-- 1 root root 1647 Feb 3 08:06 chain144.pem
-rw-r--r-- 1 root root 1805 Feb 3 08:06 cert144.pem
-rw-r--r-- 1 root root 1708 Feb 4 07:58 privkey145.pem
-rw-r--r-- 1 root root 3452 Feb 4 07:58 fullchain145.pem
-rw-r--r-- 1 root root 1647 Feb 4 07:58 chain145.pem
-rw-r--r-- 1 root root 1805 Feb 4 07:58 cert145.pem
-rw-r--r-- 1 root root 1704 Feb 5 07:58 privkey146.pem
-rw-r--r-- 1 root root 3452 Feb 5 07:58 fullchain146.pem
-rw-r--r-- 1 root root 1647 Feb 5 07:58 chain146.pem
-rw-r--r-- 1 root root 1805 Feb 5 07:58 cert146.pem
-rw-r--r-- 1 root root 1704 Feb 6 07:55 privkey147.pem
-rw-r--r-- 1 root root 3452 Feb 6 07:55 fullchain147.pem
-rw-r--r-- 1 root root 1647 Feb 6 07:55 chain147.pem
-rw-r--r-- 1 root root 1805 Feb 6 07:55 cert147.pem
-rw-r--r-- 1 root root 1708 Feb 7 07:52 privkey148.pem
-rw-r--r-- 1 root root 3452 Feb 7 07:52 fullchain148.pem
-rw-r--r-- 1 root root 1647 Feb 7 07:52 chain148.pem
-rw-r--r-- 1 root root 1805 Feb 7 07:52 cert148.pem
-rw-r--r-- 1 root root 1708 Feb 9 07:49 privkey149.pem
-rw-r--r-- 1 root root 1805 Feb 9 07:49 cert149.pem
-rw-r--r-- 1 root root 3452 Feb 9 07:49 fullchain149.pem
-rw-r--r-- 1 root root 1647 Feb 9 07:49 chain149.pem
-rw-r--r-- 1 root root 1704 Feb 10 07:48 privkey150.pem
-rw-r--r-- 1 root root 3452 Feb 10 07:48 fullchain150.pem
-rw-r--r-- 1 root root 1647 Feb 10 07:48 chain150.pem
-rw-r--r-- 1 root root 1805 Feb 10 07:48 cert150.pem
drwxr-xr-x 2 root root 20480 Feb 10 07:48 .

After changing the cron-jobs from @daily to @weekly I have not noticed any more “flooding” requests while having an eye on crt.sh.

I was running certbot renewal today manually (same command as used in cron-task) and it seems to run fine and smooth.

I’m still having a look at this to see if this solves all my problems now.

Is it still continuing to issue unnecessary certificates once a week?

Did the renew command you tried today issue another unnecessary certificate?

Slowing down to 1-2 unnecessary certificates per week stays far below the rate limits, but I wouldn’t call it good…

I had to renew a bunch of certs manually today as a lot of them were unable to renew for the past few weeks. As far as I noticed everything worked fine without problems.

I think it will get interesting again for the next 1-2 scheduled weekly renewals.

Is everything working correctly now, then? Certs that need to be renewed are being renewed without error? Certs that don’t need to be renewed aren’t being renewed?

It’s recommended to run certbot renew 1-2 times a day because it’s only supposed to renew certs when they need it. If it’s malfunctioning but only running once a week now, well, it’s not doing much harm, but it’s still malfunctioning.

I recently had it running @daily only (two instances each on one separate machine). Using that setup with daily run it produced massive problems. Not to think about what will happen trying to invoke it two times a day :frowning:

I will maybe try to get it running smoothly every two days and then maybe again daily if it is running fine.

It’s not supposed to produce problems no matter how often you run it, though.

You could run it once a minute, and it would never do anything until your certificates are close to expiring.

Slowing it down reduces the mess, but doesn’t solve whatever is wrong.
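
An added example, not part of the thread and not certbot's own code: a check that walks a lineage's archive directory and flags every certN.pem written much sooner after its predecessor than a healthy renewal cycle would produce. It uses file modification time as a stand-in for the issuance date; the 50-day threshold, the helper names and the years in the sample timestamps are assumptions (the dates come from the two listings above).

```python
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone

CERT_RE = re.compile(r"^cert(\d+)\.pem$")

def lineage_versions(archive_dir):
    """Return [(N, mtime)] for every certN.pem in a lineage's archive dir."""
    found = []
    for name in os.listdir(archive_dir):
        m = CERT_RE.match(name)
        if m:
            ts = os.path.getmtime(os.path.join(archive_dir, name))
            found.append((int(m.group(1)), datetime.fromtimestamp(ts, tz=timezone.utc)))
    return sorted(found)

def early_renewals(archive_dir, min_days=50):
    """Return [(N, gap_days)] for versions written < min_days after the previous one.

    Assumption: 90-day certificates renewed 30 days before expiry give a
    gap of about 60 days; min_days=50 leaves slack for timing jitter.
    """
    versions = lineage_versions(archive_dir)
    flagged = []
    for (_, prev), (n, cur) in zip(versions, versions[1:]):
        gap = cur - prev
        if gap < timedelta(days=min_days):
            flagged.append((n, gap.days))
    return flagged

def build_sample(stamps):
    """Create a temp archive dir with empty certN.pem files at the given times."""
    root = tempfile.mkdtemp(prefix="le-archive-")
    for n, (y, mo, d, h, mi) in stamps.items():
        path = os.path.join(root, f"cert{n}.pem")
        open(path, "w").close()
        ts = datetime(y, mo, d, h, mi, tzinfo=timezone.utc).timestamp()
        os.utime(path, (ts, ts))
    return root

# Constructed samples: dates taken from the two listings, years assumed.
MACHINE_1 = {1: (2016, 8, 24, 11, 28), 2: (2016, 10, 31, 12, 30)}
MACHINE_2 = {148: (2017, 2, 7, 7, 52), 149: (2017, 2, 9, 7, 49), 150: (2017, 2, 10, 7, 48)}

if __name__ == "__main__":
    for label, stamps in (("machine 1", MACHINE_1), ("machine 2", MACHINE_2)):
        print(label, early_renewals(build_sample(stamps)))
```

On a real host, point `early_renewals` at `/etc/letsencrypt/archive/<name>/` (run as a user that can read it); an empty result is what a correctly working renewal job leaves behind, however often it is scheduled.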