Certificate rate limit


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

The Problem is that even after a week i cannot request new Certificates.
I also do not understand why the limit is reached, i have 15 vol.at subdomains but only 11 have a certificate.

Below the information you requested!

Thank you and best regards,
Marcus Strasser

My domain is:
vol.at

I ran this command:
I ran no command i wanted to install a new lets encrypt certificate on plesk web ui.

It produced this output:

Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new cert :: too many certificates already issued for: vol.at: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):

Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version):
CentOS Linux release 7.5.1804 (Core)

My hosting provider, if applicable, is:
the server itself is a hosting system.

I can login to a root shell on my machine (yes or no, or I don’t know):
I am the admin for this server, so yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

You have used 61 out of 50 certificates per week.

See https://letsencrypt.org/docs/rate-limits/

The next non-renewal certificate for vol.at will be issuable again on 2018-09-28T07:44:45.000Z

Do you have ownership of “vol.at” or is it a shared subdomain?
If it’s shared subdomain then others might have created certificates for *.vol.at and that will affect your rate limit.

See https://tools.letsdebug.net/cert-search?m=domain&q=vol.at&d=168


#3

Hello,

thank you for the really fast reply.
The ownership of vol.at is ours. The domains which i see in this tool of yours, are all domain where i created the certificates. I did not know that 5 slots of the cert limit for each subdomain are used.

Looks like i have to wait until i can request certificate for the remaining 4 domains.

Regards,
Marcus Strasser


#4

Hi @mstrasser

there are a lot of subdomains: autodesjahres.vol.at

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:autodesjahres.vol.at&lu=cert_search

5 certificates 17.09.2018
5 certificates 24.09.2018

Normally, you should create one certificate, use it 60 days, then create the next.

Looks like your client is buggy.


#5

Thank you @JuergenAuer

there was a template configured for plesk which tried to install lets encrypt automatically.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.