Error 429 (too many certificates) on the first try with a brand new domain

coolaj86 · July 12, 2018, 3:01am

I’m working on a peer-to-peer networking tool that uses Let’s Encrypt for establishing encrypted channels between devices over https (which would not be possible at all without Let’s Encrypt, so many thanks).

My service is not yet on the PSL, so I’ve been buying new domains to handle the testing and beta users coming onto the service.

I just set up telebit.site and on the very first attempt to get a certificate I got the familiar “too many certificates already issued for exact set of domains” error.

However, as you can see, no certificates have been issued at all:
https://crt.sh/?q=%.telebit.site

My guess is that there is some other type of limit that has been hit or some other sort of flag that has been raised and that I’m getting a misleading error message.

_az · July 12, 2018, 3:39am

The error message is likely to be accurate. As we can by visiting https://telebit.site, at least one certificate has been issued.

CT logs are delayed and do not accurately represent the state of your rate limits.

The most reliable place to look is in the logs of the ACME client that you’ve been using.

Osiris · July 12, 2018, 5:21am

I’m not sure if the Let’s Encrypt server outputs numbered error messages.

Could you please tell us the exact command you used to get a certificate and the complete output?

JuergenAuer · July 12, 2018, 8:02am

Hi @coolaj86

Google shows your certificate:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:telebit.site&lu=cert_search

crt.sh actual not.

coolaj86 · July 12, 2018, 9:20am

Hmmm… odd. That may be for the bare site, not the subdomain I was actually trying to register.

Nevertheless, the issues appears to be that I’ve used my email address with too many accounts (installing on different devices and “testing in production” - which is the only reliable way to test - I’ve registered over 20 domains).

coolaj86 · July 12, 2018, 9:27am

It does.

{ "type": "urn:acme:error:rateLimited"
, "detail": "Error creating new cert :: Too many certificates already issued for: domain.tld"
, "status": 429
}

The error message is incorrect. It’s actually complaining due to too many uses of my email address to create new accounts. I changed the email and it worked just fine. Repeatable. Testable. Confirmable.

_az · July 12, 2018, 10:17am

That's great! If you can share your reproduction (even if only some timestamps of errors), it would be really helpful.

system · August 11, 2018, 10:18am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.