Critical Error to regenerate SSL - PRODUCTION WEBSITE

Hello,
This morning our SSL certificate has expired, one of our developers has made too many requests to let’s encrypt to regenerate the certificate but it is wrong every time. Now when I try to make a request let’s encrypt responds to me:

2020/02/05 16:24:31 [INFO] [dealy.com, dealy.com] acme: Obtaining bundled SAN certificate
2020/02/05 16:24:32 Could not obtain certificates:
acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn: ietf: params: acme: error: rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains: dealy.com: see
https://letsencrypt.org/docs/rate-limits/, url:

So impossible to have a new certificate. Our site is in production and currently our customers can no longer come to our site. It is a CRITICAL problem.

Do you have a solution?

We do not use subdomain or other but only our main domain which is: dealy.com

Thanking you

Hi @VincentJorge

this isn't a critical problem. There is a check of your domain, some minutes old - https://check-your-website.server-daten.de/?q=dealy.com

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-02-05 2020-05-05 dealy.com - 1 entries duplicate nr. 5 next Letsencrypt certificate: 2020-02-12 07:57:55
Let's Encrypt Authority X3 2020-02-05 2020-05-05 dealy.com - 1 entries duplicate nr. 4
Let's Encrypt Authority X3 2020-02-05 2020-05-05 dealy.com - 1 entries duplicate nr. 3
Let's Encrypt Authority X3 2020-02-05 2020-05-05 dealy.com - 1 entries duplicate nr. 2
Let's Encrypt Authority X3 2020-02-05 2020-05-05 dealy.com - 1 entries duplicate nr. 1

You have created 5 identical certificates. Please use one of these.

Your configuration is wrong. Port 443 is a http port. So change that.

Hi @VincentJorge,

Welcome to the community forum!

Please see the following paragraph from our rate limit policy.

A certificate is considered a renewal (or a duplicate) of an earlier certificate if it contains the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of hostnames by adding [blog.example.com], you would be able to request additional certificates.


Please treat the following events as a learning experience for you and your team.

This morning our SSL certificate has expired, one of our developers has made too many requests to let’s encrypt to regenerate the certificate but it is wrong every time.

  • Ensure that you have an email configured to receive Let's Encrypt certificate expiration mail.
  • Implement a certificate expiration monitoring tool. Sensu, openssl, prometheus blackbox exporter, etc are all very good options.
  • Utilize the staging environment to test your configuration before issuing certificates.
  • You shouldn't have to worry about certificates expiring, was your cron job/systemd timer broken?

Thank’s !

How can i download certificat ?

You have these. Please check your configuration.

If you have deleted all of these certificates (deleted the private keys), you may wait.

Yeah certificate DELETED in server…

How did all five of them get deleted?

Were the private keys also deleted?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.