Error 429 (too many certificates) on the first try with a brand new domain


#1

I’m working on a peer-to-peer networking tool that uses Let’s Encrypt for establishing encrypted channels between devices over https (which would not be possible at all without Let’s Encrypt, so many thanks).

My service is not yet on the PSL, so I’ve been buying new domains to handle the testing and beta users coming onto the service.

I just set up telebit.site and on the very first attempt to get a certificate I got the familiar “too many certificates already issued for exact set of domains” error.

However, as you can see, no certificates have been issued at all:
https://crt.sh/?q=%.telebit.site

My guess is that there is some other type of limit that has been hit or some other sort of flag that has been raised and that I’m getting a misleading error message.


#2

The error message is likely to be accurate. As we can by visiting https://telebit.site, at least one certificate has been issued.

CT logs are delayed and do not accurately represent the state of your rate limits.

The most reliable place to look is in the logs of the ACME client that you’ve been using.


#3

I’m not sure if the Let’s Encrypt server outputs numbered error messages.

Could you please tell us the exact command you used to get a certificate and the complete output?


#4

Hi @coolaj86

Google shows your certificate:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:telebit.site&lu=cert_search

crt.sh actual not.


#5

Hmmm… odd. That may be for the bare site, not the subdomain I was actually trying to register.

Nevertheless, the issues appears to be that I’ve used my email address with too many accounts (installing on different devices and “testing in production” - which is the only reliable way to test - I’ve registered over 20 domains).


#6

It does.

{ "type": "urn:acme:error:rateLimited"
, "detail": "Error creating new cert :: Too many certificates already issued for: domain.tld"
, "status": 429
}

The error message is incorrect. It’s actually complaining due to too many uses of my email address to create new accounts. I changed the email and it worked just fine. Repeatable. Testable. Confirmable.


#7

That’s great! If you can share your reproduction (even if only some timestamps of errors), it would be really helpful.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.