In Plesk, with the Let’s Encrypt extension, we tried to renew appbuzzinga.com. Got an error, but no error text. (very odd). Tried again, then tried deadeasyapps.appbuzzinga.com, and got this:
I don't use or know how to solve your issue with Plesk Let's Encrypt plugin, but your are issuing the same certificates every day since 18th April (maybe you updated or changed somthing that day....)
:
2017/May/25 17:36:02 - Checking certs for appbuzzinga.com
I have found 45 non expired certificates for domain appbuzzinga.com and its subdomains *.appbuzzinga.com
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
144034423 appbuzzinga.com 2017-May-25 15:39 CEST 2017-Aug-23 15:39 CEST 89 days appbuzzinga.com
www.appbuzzinga.com
143833039 appbuzzinga.com 2017-May-25 05:00 CEST 2017-Aug-23 05:00 CEST 89 days appbuzzinga.com
143832860 deadeasyapps.appbuzzinga.com 2017-May-25 05:00 CEST 2017-Aug-23 05:00 CEST 89 days deadeasyapps.appbuzzinga.com
143252477 appbuzzinga.com 2017-May-24 05:00 CEST 2017-Aug-22 05:00 CEST 88 days appbuzzinga.com
143252364 deadeasyapps.appbuzzinga.com 2017-May-24 05:00 CEST 2017-Aug-22 05:00 CEST 88 days deadeasyapps.appbuzzinga.com
142702365 appbuzzinga.com 2017-May-23 05:00 CEST 2017-Aug-21 05:00 CEST 87 days appbuzzinga.com
142702273 deadeasyapps.appbuzzinga.com 2017-May-23 05:00 CEST 2017-Aug-21 05:00 CEST 87 days deadeasyapps.appbuzzinga.com
142155230 appbuzzinga.com 2017-May-22 05:00 CEST 2017-Aug-20 05:00 CEST 86 days appbuzzinga.com
141650993 deadeasyapps.appbuzzinga.com 2017-May-21 05:00 CEST 2017-Aug-19 05:00 CEST 85 days deadeasyapps.appbuzzinga.com
141133156 appbuzzinga.com 2017-May-20 05:00 CEST 2017-Aug-18 05:00 CEST 84 days appbuzzinga.com
141132881 deadeasyapps.appbuzzinga.com 2017-May-20 05:00 CEST 2017-Aug-18 05:00 CEST 84 days deadeasyapps.appbuzzinga.com
140674490 appbuzzinga.com 2017-May-19 05:00 CEST 2017-Aug-17 05:00 CEST 83 days appbuzzinga.com
140674255 deadeasyapps.appbuzzinga.com 2017-May-19 05:00 CEST 2017-Aug-17 05:00 CEST 83 days deadeasyapps.appbuzzinga.com
140117909 appbuzzinga.com 2017-May-18 05:00 CEST 2017-Aug-16 05:00 CEST 82 days appbuzzinga.com
140117709 deadeasyapps.appbuzzinga.com 2017-May-18 05:00 CEST 2017-Aug-16 05:00 CEST 82 days deadeasyapps.appbuzzinga.com
139562240 appbuzzinga.com 2017-May-17 05:00 CEST 2017-Aug-15 05:00 CEST 81 days appbuzzinga.com
139561919 deadeasyapps.appbuzzinga.com 2017-May-17 05:00 CEST 2017-Aug-15 05:00 CEST 81 days deadeasyapps.appbuzzinga.com
138977364 appbuzzinga.com 2017-May-16 05:00 CEST 2017-Aug-14 05:00 CEST 80 days appbuzzinga.com
138977201 deadeasyapps.appbuzzinga.com 2017-May-16 05:00 CEST 2017-Aug-14 05:00 CEST 80 days deadeasyapps.appbuzzinga.com
138389570 appbuzzinga.com 2017-May-15 05:00 CEST 2017-Aug-13 05:00 CEST 79 days appbuzzinga.com
137841952 deadeasyapps.appbuzzinga.com 2017-May-14 05:00 CEST 2017-Aug-12 05:00 CEST 78 days deadeasyapps.appbuzzinga.com
137261808 deadeasyapps.appbuzzinga.com 2017-May-13 05:00 CEST 2017-Aug-11 05:00 CEST 77 days deadeasyapps.appbuzzinga.com
136644512 deadeasyapps.appbuzzinga.com 2017-May-12 05:00 CEST 2017-Aug-10 05:00 CEST 76 days deadeasyapps.appbuzzinga.com
136042054 deadeasyapps.appbuzzinga.com 2017-May-11 05:00 CEST 2017-Aug-09 05:00 CEST 75 days deadeasyapps.appbuzzinga.com
135384212 deadeasyapps.appbuzzinga.com 2017-May-10 05:00 CEST 2017-Aug-08 05:00 CEST 74 days deadeasyapps.appbuzzinga.com
134866488 deadeasyapps.appbuzzinga.com 2017-May-09 05:00 CEST 2017-Aug-07 05:00 CEST 73 days deadeasyapps.appbuzzinga.com
133957819 deadeasyapps.appbuzzinga.com 2017-May-07 05:00 CEST 2017-Aug-05 05:00 CEST 71 days deadeasyapps.appbuzzinga.com
133535557 deadeasyapps.appbuzzinga.com 2017-May-06 05:00 CEST 2017-Aug-04 05:00 CEST 70 days deadeasyapps.appbuzzinga.com
133086350 deadeasyapps.appbuzzinga.com 2017-May-05 05:00 CEST 2017-Aug-03 05:00 CEST 69 days deadeasyapps.appbuzzinga.com
132688079 deadeasyapps.appbuzzinga.com 2017-May-04 05:00 CEST 2017-Aug-02 05:00 CEST 68 days deadeasyapps.appbuzzinga.com
132276335 deadeasyapps.appbuzzinga.com 2017-May-03 05:00 CEST 2017-Aug-01 05:00 CEST 67 days deadeasyapps.appbuzzinga.com
131787771 deadeasyapps.appbuzzinga.com 2017-May-02 05:00 CEST 2017-Jul-31 05:00 CEST 66 days deadeasyapps.appbuzzinga.com
130916419 deadeasyapps.appbuzzinga.com 2017-Apr-30 05:00 CEST 2017-Jul-29 05:00 CEST 64 days deadeasyapps.appbuzzinga.com
130554901 deadeasyapps.appbuzzinga.com 2017-Apr-29 05:00 CEST 2017-Jul-28 05:00 CEST 63 days deadeasyapps.appbuzzinga.com
130144817 deadeasyapps.appbuzzinga.com 2017-Apr-28 05:00 CEST 2017-Jul-27 05:00 CEST 62 days deadeasyapps.appbuzzinga.com
129655651 deadeasyapps.appbuzzinga.com 2017-Apr-27 05:00 CEST 2017-Jul-26 05:00 CEST 61 days deadeasyapps.appbuzzinga.com
129077003 deadeasyapps.appbuzzinga.com 2017-Apr-26 05:00 CEST 2017-Jul-25 05:00 CEST 60 days deadeasyapps.appbuzzinga.com
128370257 deadeasyapps.appbuzzinga.com 2017-Apr-25 05:00 CEST 2017-Jul-24 05:00 CEST 59 days deadeasyapps.appbuzzinga.com
126665921 deadeasyapps.appbuzzinga.com 2017-Apr-23 05:00 CEST 2017-Jul-22 05:00 CEST 57 days deadeasyapps.appbuzzinga.com
125833429 deadeasyapps.appbuzzinga.com 2017-Apr-22 05:00 CEST 2017-Jul-21 05:00 CEST 56 days deadeasyapps.appbuzzinga.com
124916592 deadeasyapps.appbuzzinga.com 2017-Apr-21 05:00 CEST 2017-Jul-20 05:00 CEST 55 days deadeasyapps.appbuzzinga.com
124177034 deadeasyapps.appbuzzinga.com 2017-Apr-20 05:00 CEST 2017-Jul-19 05:00 CEST 54 days deadeasyapps.appbuzzinga.com
123330498 deadeasyapps.appbuzzinga.com 2017-Apr-19 05:00 CEST 2017-Jul-18 05:00 CEST 53 days deadeasyapps.appbuzzinga.com
122482341 deadeasyapps.appbuzzinga.com 2017-Apr-18 05:00 CEST 2017-Jul-17 05:00 CEST 52 days deadeasyapps.appbuzzinga.com
104350239 appbuzzinga.com 2017-Mar-16 04:00 CET 2017-Jun-14 05:00 CEST 19 days appbuzzinga.com
www.appbuzzinga.com
And yes, you have reache the limit of 5 certs using the same subset of domains. Maybe you should contact to Plesk support team.
Thanks much for the reply. What tool did you use to get that list?
According to our work logs, nothing was done on that day, or the day before or the day after. The last changes/work done to server were April 14. Minor changes to php.ini We did do some updates to wordpress the beginning of May. So I am at a loss as well.
I admit I have a hard time following that “limit” of “5 certs using the same subset of domains” - why would renewing the SAME cert cause an error. How could that qualify as a new cert?
We also plan to add about 100 subdomains to appbuzzinga this summer. Does that mean 95 can’t use SSL?
Please excuse my ignorance, but certs are not my forte’
Sid B.
Each renewal is a new certificate, and if you actively renew 5 times, there will have been 5 identical certificate issuances.
Could be a problem, depending on your issuance strategy. I would suggest looking over
If you don't understand something there, please feel free to ask questions here and we can try to help explain.
If they're all subdomains under the same domain, that can definitely be a problem if you are going to add (or remove) them gradually and re-issue certificates periodically. If they're all completely separate domains, you're unlikely to run into rate limits quickly.
Most of the rate limits are related to certificate issuance events (which are related to HSM signing events which are actually the scarce resource), so if you can find a strategy that minimizes the frequency of certificate issuance events, you're likely to be on safer rate-limit ground. But it's good to look through the whole document to understand what all of the rate limit policies are.