Certbot - Too many certificates issued - Next Steps

Hi,
I am having a certificat for my main domain and max 2 certificates for my sub-domains. Everything worked fine until last week. Now I am having a problem that certificate is timed out
When trying to renew it manually I get the error:
Error: Let’s Encrypt SSL certificate installation failed: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert: Error creating new cert :: too many certificates already issued for exact set of domains: ehwg.de,www.ehwg.de.
Type: urn:acme:error:rateLimited.
Current certificat expired on 29. May 2017 um 03:03.
Is there any way I can look why I get too many certificates and can I see them somehow. The renewal was working before. Unfortunately I am in an hosted environment and can not access it direct but can only out of a plesk desktop create/trigger the renewal.
Any help is very much welcome. If there is something I could check on the server iteself let me now nevertheless I have to forward it to my provider.
Kind regards
Eckard.

Based solely on the error: "too many certificates already issued for exact set of domains"
It sounds like it has not been renewing but creating all new certs every time and now has exceeded the number allowed.

Is there a way to release/delete/reset all certificates for a domain by uploading some special files on my server and then calling a special URL or any other way. Currently I don’t see any of the most likely created certificates

Hi Eckard

Once a certificate is issued it counts towards the total in the limits.

You certificates will be under /etc/letsencrypt/acrhive I believe

I can also see you have been systematically getting new certificates every day for the last months https://crt.sh/?q=www.ehwg.de

You should look at the way your scripts are set up as something is not right

Andrei

Hi,

I tried to get a new certificate today and also got the 'Too many certificates issued' message.

I found this information from Feb 2015, is it still correct?

As renewals are exempt from limits (once you have hit them) it's not particualrly helpful that they can 'get in the way' of obtaining new certificates (assuming the information in the link is correct).

Pete

The link to the up to date rate limits is still correct, yes :wink:

The rate limits mentioned in the post might be outdated. Just check the official page on the Let’s Encrypt site I posted there.

There is a renewal exemption for the "20 certificates per domain" limit. There is no exemption for the "5 identical certificates" limit.

I don't think there are any Plesk experts on this forum. :confounded: You should contact them to find out why it's trying to issue 60 or 120 times as many certificates as it needs to, and then not using them, and how to fix it.

The link I posted suggests that the exemption only takes effect after you have hit the limit. If you have 30 certifcates to renew and haven’t ordered any new ones, then the first 20 will take up the new certifcate ‘slots’ and then the exemption will kick in and the final 10 would be renewed. However, no new certificates can now be ordered.

I’m not using plesk but jumped on this thread as it was the same error message and I wanted to avoid creating a new thread. I only tried to order one certificate today but was ‘blocked’ by my renewals over the weekend.

Peter

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.