Duplicate Certificate Limit

Dear Let's Encrypt Team,

Could you please advise me on the Duplicate Certificate Limit? I have a problem with SSL Renewal Certificate, please advise.

Best Regards,

1 Like

Here you go:

7 Likes

The best thing to do is to resolve whatever is causing the duplicate requests, then wait for your rate limit to expire (or modify your cert to include a slightly different set of domains, or use another CA).

5 Likes

Ohh, then Let's Encrypt is not recommended for use in a production environment.
Thank you so much, sir.

1 Like

You should generally test your configuration using staging if you are unsure how it will behave. Duplicate certificates are unusual though, which software are you using and how?

6 Likes

Can you be more specific about the problem you are having?
OR
Would you like to open another [HELP] topic on that exact issue?

4 Likes

Let's Encrypt is offered by HUGE hosting providers and issues more than 3 MILLION certs per day. So Let's Encrypt is VERY MUCH recommended for production environments, but you need to abide by the rules. There is much documentation on how to PROPERLY implement Let's Encrypt. If you dive in haphazardly without having proper knowledge of e.g. rate limits and the integration guide, well, sure, you can get surprised.

But with proper knowledge, proper reading of documentation and proper preparation (possibly with a rate limit exemption, if applicable), there should be NO issue at all.

7 Likes

Can you explain the thought process that led you to conclude this from the fact that Let's Encrypt has rate limits? Because it doesn't seem to follow at all.

6 Likes

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

And to assist with debugging, a great place to start is Let's Debug.

6 Likes

Hi,

I got the message below.

[Wed Jun 7 07:07:45 UTC 2023] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: xx.xx.com, retry after 2023-06-08T10:44:40Z: see Duplicate Certificate Limit - Let's Encrypt",
"status": 429
}

This usually happens when you were debugging against the live API endpoint, and intentionally reissuing existing certificates more than 4 times in a row, or when you were requesting certificates from inside an ephemeral container such as a Docker container without persistent storage. Let's Encrypt certificates use (a small amount of) server resources for each issuance, particularly using the Hardware Security Modules (HSM) at the certificate authority, which have a limited capacity to sign new certificates and associated cryptographic proofs of validity. So, these certificates are not designed to be used inside of an ephemeral environment where they would be destroyed and recreated multiple times per week.

7 Likes
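Added example, not part of any post in this thread: a small parser for the `rateLimited` problem document quoted above, so renewal automation can wait until the stated retry time instead of re-requesting. The function names are hypothetical, the `detail` wording is taken from the message in this thread, and a comma-separated list for multi-domain certificates is an assumption.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: the problem document quoted in the thread (domain as redacted there).
SAMPLE = '''{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: xx.xx.com, retry after 2023-06-08T10:44:40Z: see Duplicate Certificate Limit - Let's Encrypt",
"status": 429
}'''

RATE_LIMITED = "urn:ietf:params:acme:error:rateLimited"
DETAIL_RE = re.compile(
    r"too many certificates \((?P<count>\d+)\) already issued for this exact set of "
    r"domains in the last (?P<hours>\d+) hours: (?P<domains>.+?), "
    r"retry after (?P<retry>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)"
)

def parse_duplicate_limit(problem_json):
    """Return limit details for a duplicate-certificate rateLimited error, else None."""
    try:
        problem = json.loads(problem_json)
    except json.JSONDecodeError:
        return None
    if not isinstance(problem, dict) or problem.get("type") != RATE_LIMITED:
        return None
    m = DETAIL_RE.search(str(problem.get("detail", "")))
    if m is None:
        return None  # a different rate limit, or wording this pattern does not cover
    retry = datetime.strptime(m["retry"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "issued": int(m["count"]),
        "window_hours": int(m["hours"]),
        "domains": sorted(d.strip() for d in m["domains"].split(",")),
        "retry_after": retry,
    }

def seconds_until_retry(problem_json, now):
    """Seconds to wait before the next order; 0 if not limited or already past."""
    info = parse_duplicate_limit(problem_json)
    if info is None:
        return 0
    return max(0, int((info["retry_after"] - now).total_seconds()))

if __name__ == "__main__":
    now = datetime(2023, 6, 7, 7, 7, 45, tzinfo=timezone.utc)  # time of the log line above
    print(parse_duplicate_limit(SAMPLE), seconds_until_retry(SAMPLE, now))
```
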

Is there a way to find and use one that's already been issued?

I've been using various guides to set up a new website and have been having trouble and having to delete my server and redo everything, and part of redoing everything is getting SSL certs. I would avoid requesting a new cert every time if I knew how to use an existing one.

As of now, it seems that I have to wait a week to continue trying to set up my server because the guides use automated SSL cert requests that I don't know how to modify to get around this issue.

Hmm, looking at Duplicate Certificate limit of 5 certificates per week, it seems that I can only reuse it if I had requested them on the same server without deleting them. So it seems I have to wait :frowning:

Did you read Bruce's comment in this very thread?

5 Likes
