Error creating new order :: too many certificates already issued for exact set of domains

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: satellitedelivery.com

I ran this command:
sudo /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos --standalone -d ā€œ$LETSENCRYPT_DOMAINā€ -d ā€œwww.$LETSENCRYPT_DOMAINā€ --renew-by-default

It produced this output:
Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: satellitedelivery.com,www.satellitedelivery.com: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):
Amazon AWS EC2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I donā€™t know):
yes

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot):
certbot 1.7.0

2

What did it produce the first five times you ran it?

This is the command you should have run (and use certonly only if you actually know what it means):

sudo /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos --standalone -d ā€œ$LETSENCRYPT_DOMAINā€ -d ā€œwww.$LETSENCRYPT_DOMAINā€

Or even a simple:

sudo /opt/certbot/certbot-auto renew
3

It was working fine when i executed for the first time. I checked the .pem files not available now. I am not sure how it happened. How can i recover it now ?

4

There is no way that command made your .pem files disappear.

What did you actually do, and what are you trying to achieve?

5

I just want to have the existing certificates to be used or obtain a new certificate to use for the domain. I will make sure this mistakes does not happen againā€¦ I did not know how .pem files got removed from EC2 instance.

6

Whatā€™s the output of

sudo /opt/certbot/certbot-auto certificates

?

7

sudo /opt/certbot/certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

No certs found.

8

You do realize you issued five certificates two days ago?

https://tools.letsdebug.net/cert-search?m=domain&q=satellitedelivery.com&d=168

Were those on this instance? Did you switch machines? Did you rm -rf random directories? :smiley:

9

Ah, machines got swapped last night due to load balance i think.

10

I guess the certificates you need are on the other machine. Go and copy them.

If thatā€™s not possible, Iā€™ll help you go around the rate limits, but first try and use the certs you already have.

11

Is it possibe to help me to recover the SSL from Duplicate certificates?

12

It is not possible to access the previous machine. Please help me with rate limitsā€¦

13

Ok, tell me what application needs to use these certificates. Is it a webserver? Which one? (ā€œAmazon AWS EC2ā€ is not a webserver, itā€™s a machine)

14

Amazon EC2 which i use it for Elastic Beanstalk application

15

Apache? nginx? some other webserver?

Put it online without ssl.

16

I was using APache in EC2

17

Ok, do you know how to install ssl certificates in this webserver, and how to reload this webserver on certificate renewal?

18

It would be good if you can share me the exact steps to do soā€¦ I have tried it, but to be confident enough requesting your help

19

if you are using apache itā€™s a simple matter of putting apache online and then run this one command:

sudo /opt/certbot/certbot-auto --apache

and follow its instructions.

to go around the rate limits you either have to use one certificate for www and one for non-www, or you have to add a third subdomain to your certificate (add it to your dns before trying, and use certbot --dry-run before doing something stupid :wink: ).

20

sudo /opt/certbot/certbot-auto --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

[Sun Aug 09 07:57:26.297519 2020] [so:warn] [pid 22412] AH01574: module ssl_module is already loaded, skipping
AH00526: Syntax error on line 10 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file ā€˜/etc/letsencrypt/live/satellitedelivery.com/fullchain.pemā€™ does not exist or is empty

Unable to run the command: systemctl restart httpd
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(ā€˜Unable to run the command: systemctl restart httpdā€™,)