Error creating new order :: too many certificates already issued for exact set of domains

My domain is: anykey.host

I ran this command: sudo certbot --apache -d anykey.host -d www.anykey.host

It produced this output: An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: anykey.host: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: msk.host

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I made this mistake. I myself issued too many certificates for my domain name and lost access to everyone. Is it possible to revoke previously obtained certificates? This error will not be repeated again.

1 Like

Yes, that’s possible, but no it won’t lift the rate limits: the resources for issuing the certificates has already been “spent” and revoking won’t bring those back.

One thing I don’t understand really is why the domain of the command you ran differs from the domain from the error message?

1 Like

I copied this error message from another topic and did not notice that the domain name is written there.

Is it possible to get another certificate without waiting for a cool down?

Yes, that’s possible with a little trick, but that would undermine the rate limits set by Let’s Encrypt. Those rate limits are there for a reason. If you read the rate limit closely and think about what every piece of the error message means (and read the rate limit documentation about other potentional rate limits), you can figure the little trick out by yourself :slight_smile:

1 Like

Can you tell me this trick? I promise to keep it a secret.

Please read:

  

1 Like

I’m too stupid for this shit.

Wait, where are the certificates you issued already?

1 Like

I doubt it. And it’s not like it’s all that secret; if you search around here in the hundreds of other topics with the exact same error message, you’ll likely find it there. Or, as Osiris said, make some reasonable deductions about what the rate limit covers and act accordingly. Or recover one of the five identical certs you’ve already been issued. Or wait for a week since the time the first one was issued.

1 Like

I reinstalled the OS with these certificates.

The trick is that you can add an extra subdomain, in which case the requested certificate will no longer apply to the “exact set of domains”. There is a different rate limit that can still apply (certificates per registered domain), but it is significantly large than the exact set of domains limit.

2 Likes

Hi even I have this problem I change the vps but I am getting error so what can I do now to solve this issues but I have old certificate with me I have downloaded from old vps can I upload that certificate through putty. and I am sharing the image for error.
12

How do you recover an old certificate if you have hit a rate limit? I am having the same issue. I was having problems with Cpanel and installed the site a few times through WHM. Each time I issued a certificate. Now I have it all ok with Cpanel and I am not allowed to issue another certificate. I though the rate limit was 50 and I am nowhere near that.

There are multiple rate limits (all of which are well-documented); the relevant one is that Let’s Encrypt will only let you obtain five identical certs within a seven-day period. You’re asking them to do work for you (for free); they assume you’ll do them the courtesy of not throwing away the result. If you’re testing things out, that’s what the staging environment is for.

I just learned about the testing environment after the fact and will use it for now on. Are you able to point me in the direction of how to reuse one of the 5 original certificates?
Thank you.

The certificates themselves can be downloaded from crt.sh or any of the other certificate transparency sites. But unless you’ve saved the private key corresponding to one of them, you won’t be able to use the cert either.

thank you. i will keep it in mind for next time. I unfortunately wiped the site each time and started over. I will know better in future. i appreciate your time and help :slight_smile: