My domain is:
zvuk.com, *.zvuk.com and some others
I ran this command:
certbot certonly --dns-rfc2136 --dns-rfc2136-credentials ~/rfc2136.ini -d zvuk.com -d *.zvuk.com
It produced this output:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.zvuk.com,zvuk.com: see Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
My web server is (include version):
The operating system my web server runs on is (include version):
ubuntu-16.04 (docker), ubuntu 20.04 (docker)
I can login to a root shell on my machine (yes or no, or I don't know):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot):
0.31.0 / 0.40.0
The point is I am running this command every month to get new certificates, but for some reasons I am getting ratelimit warning, which is 5 per week. Last time certificates updated 4.01.2021, after that there was no successful updates and now I got certificate expiration warning. I have multiple domains and used same command for every pair $DOMAIN *.$DOMAIN - and now I can get certificate only for newest domain that was added some time after implementing ssl autoupdate.
Right now I updated my docker container from ubuntu 16.04 to 20.04 and updated certbot version - same error. Also tried to run this command on other server with different IP and creating different account - same result. Seems like there is not only 5 per week, but also something like 10 per year or something like that?
I need help with that, 28 days left
No, there isn't a limit like 10 per year, the rate limit you have reached is 5 certificates using the same subset of domains per 7 days. Something happened on your side on 4th March and you issued 5 certificates from 07:25 AM UTC to 07:33 AM UTC.
CRT_ID CA CERT_TYPE DOMAIN_(CN) KEY_ALG VALID_FROM VALID_TO EXPIRES_IN SANs
4160738363 R3 Final cert zvuk.com RSA 2048bit 2021-Mar-04 06:33 UTC 2021-Jun-02 06:33 UTC 85 days *.zvuk.com
4160732504 R3 Final cert zvuk.com RSA 2048bit 2021-Mar-04 06:32 UTC 2021-Jun-02 06:32 UTC 85 days *.zvuk.com
4160726192 R3 Final cert zvuk.com RSA 2048bit 2021-Mar-04 06:30 UTC 2021-Jun-02 06:30 UTC 85 days *.zvuk.com
4160720323 R3 Final cert zvuk.com RSA 2048bit 2021-Mar-04 06:28 UTC 2021-Jun-02 06:28 UTC 85 days *.zvuk.com
4160711390 R3 Final cert zvuk.com RSA 2048bit 2021-Mar-04 06:25 UTC 2021-Jun-02 06:25 UTC 85 days *.zvuk.com
4121292170 R3 Final cert go.zvuk.com RSA 2048bit 2021-Feb-23 15:48 UTC 2021-May-24 15:48 UTC 77 days go.zvuk.com
4021024405 R3 Final cert zvuk.com RSA 2048bit 2021-Feb-02 16:34 UTC 2021-May-03 16:34 UTC 56 days *.zvuk.com
4021012686 R3 Final cert zvuk.com RSA 2048bit 2021-Feb-02 16:31 UTC 2021-May-03 16:31 UTC 56 days *.zvuk.com
3901323067 R3 Final cert l.zvuk.com RSA 4096bit 2021-Jan-09 10:49 UTC 2021-Apr-09 10:49 UTC 31 days l.zvuk.com
3874758143 R3 Final cert zvuk.com RSA 2048bit 2021-Jan-04 06:24 UTC 2021-Apr-04 06:24 UTC 26 days *.zvuk.com
3757985869 R3 Final cert go.zvuk.com RSA 2048bit 2020-Dec-09 16:48 UTC 2021-Mar-09 16:48 UTC 1 day go.zvuk.com
You should review the automation you are using to renew your certificates because seems it is not working as expected or something happened that day.
Note: The next time you could issue a new certificate covering the same subset of domains will be 11th March 07:25 UTC.
Thanks a lot.
Yeah, it seems something went wrong with cloudflare dns/auth and nomad tried to start failed task with domains list over and over again. Definitely need to improve this behaviour and at least add logging.
Fixed issue with our automation and dns, got new certificates, everything is fine now, should I close this ticket somehow?
Glad to hear that. If you want you can select any post and mark it as the solution for this thread but there is no need to close it, it will be closed automatically a month after last reply.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.