Error creating new cert ::too many certificates already issued


#1

Hi I have a freelance project in which I tried to add crontab and it seems I misconfigured it as it tried to renew certificate each minute. So now my project since friday is not accessible. Is there any other way I could create certificate through letsencrypt so that people would be able to use the page again? And furthermore I though that on Monday I would be able to create cert again…

My domain is: eridu.lt

I ran this command: /usr/bin/certbot

It produced this output:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: eridu.lt: see https://letsencrypt.org/docs/rate-limits

My web server is (include version):

The operating system my web server runs on is (include version): linux centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.19.0


#2

Hi @Henris

you have a lot of certificates created.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:eridu.lt&lu=cert_search

What says certbot certificates?

Use one of these the next 60 - 85 days.


#3

So when I created crontab using:
/usr/bin/certbot renew --quiet

it seemed not to work so I added:
letsencrypt certonly --force-renewal --nginx --email henris930@gmail.com -d www.eridu.lt

and it did create additional certificates (duplicated existing ones). I thought I would wait and see how will it behave. And page next day had expired cert. Then I manually removed all certs from several dirs (eg. rm -rdf /etc/letsencrypt/renewal) hoping to run clean cert creation.


#4

Never add --force-renewal to your cron job.

Never delete certificates.

If you use certonly, the certificate isn’t installed, so your old certificate isn’t replaced.

The cron job is the wrong place to test such things.


#5

Well yeah I now read there is a sandbox mode. But what should we do now?


#6

So does anyone know what should I do at this point?
I expected that rate-limits are restored on Monday and Friday. Was I wrong?
Will I have to wait for another couple of days to finally be able to recreate cert?

Please help it is quite urgent…


#7

The rate limit is a sliding window. You have created 5 certificates 2019-01-31, so you can create the next certificate 2019-02-06.

Deleting active and valide certificates is always a bad idea.

You can add a second domain name (www or something else), but then you must validate the second domain name. And there is a maximum of 50 certificates per domain per week.


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.