Error "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: autobahn.es

I ran this command:

It produced this output:

My web server is (include version): Sophos

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I have been using my Sophos XG firewall appliance (which has Letsencrypt built in) for almost a year now without problems.

However recently ALL of my Letsencrypt certs could not be renewed and throw the error listed above. The strange thing is that it says "too many domains" when in reality there is only one single domain being registered for the certificate without any subdomains. Other domains have a max of 2 domains in total to be encrypted, but I am getting the same error.

Welcome to the Let's Encrypt Community.

The message that you shared in the topic title does not say

It says that you have already obtained the maximum allowable number of certificates using that exact set of domain names. You can learn more about rate limits in the following document:

If your Sophos is not using the certificates that you obtained, you may want to inquire in the Sophos community for guidance from those more familiar with your application.

https://community.sophos.com/utm-firewall/f/general-discussion/tags/Let_26002300_39_3B00_s%2BEncrypt

3 Likes

Well, that's strange, because it's malfunctioning for sure. See your history of certificates at crt.sh | autobahn.es: for some reason you're issuing a certificate almost DAILY since 2024-11-26!

3 Likes

That's the strange part! I only have one single domain on that certificate which is AUTOBAHN.es. This domain also has no subdomains, so it's just that one single domain that should be requesting a certificate which adds to my confusion with the error message.

Alrighty! That's a starting point! The question would then be is there a dirty workaround to get it running for the time being? I have tried removing the certificate from the appliance and getting a new one, but I continue to get the same error message. Would deleting the certificate and waiting a couple of days get the certificate back while I try to figure out what is going on with the daily renewal?

I'm not sure why you are confused by the message that plainly indicates that you have already obtained the maximum allowable certificates that contain only that one name. One is a mathematically valid number to be the total of domains in the certificate.

You have three options:

  1. Use one of the many identical certificates that you recently obtained
  2. Request a new certificate that contains a different combination of domains
  3. Wait for the limit period to age out

3 Likes

Or possibly switch to another ACME Certificate Authority.

2 Likes

Good point. There are 4 options. :wink:

3 Likes

The error message from Let's Encrypt says exactly when you might get another certificate.

But, please review your Sophos device. It should not be requesting a new cert every day. As already pointed out, you have been getting a new cert nearly every day since Nov 26. Something changed in your system at that time.

Please also see the Rate Limit page you were shown. This section is for the error you describe: Rate Limits - Let's Encrypt

It has nothing to do with how many domains are in the cert. It is how many times you are issued a cert for the identical set of names.

3 Likes
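Added example, not part of the original thread: a small check that groups an issuance history by exact set of names and reports whether the duplicate-certificate limit from the error message (5 per 168h) has been reached and when the oldest counted certificate ages out. The function names and the sample issuance times are constructed for illustration; a real history would come from your ACME client logs or a Certificate Transparency search.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LIMIT = 5                      # from the error text: "too many certificates (5)"
WINDOW = timedelta(hours=168)  # from the error text: "in the last 168h0m0s"

def name_set(names):
    """Key for an 'exact set of domains': case and order do not matter."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def duplicate_report(issuances, now):
    """issuances: iterable of (issued_at, [dns_names]) -> {name_set: status}."""
    by_set = defaultdict(list)
    for issued_at, names in issuances:
        by_set[name_set(names)].append(issued_at)
    report = {}
    for key, times in by_set.items():
        # Only certificates inside the sliding window count toward the limit.
        recent = sorted(t for t in times if now - WINDOW < t <= now)
        blocked = len(recent) >= LIMIT
        # Once the LIMIT-th newest certificate leaves the window, fewer than
        # LIMIT remain (assuming nothing else is issued in the meantime).
        retry = recent[-LIMIT] + WINDOW if blocked else None
        report[key] = {"in_window": len(recent), "blocked": blocked,
                       "retry_after": retry}
    return report

def sample():
    """Constructed history: one single-name cert issued every day."""
    now = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
    daily = [(now - timedelta(days=d, hours=2), ["AUTOBAHN.es"])
             for d in range(9)]
    # Same two names in a different order: still one exact set.
    other = [(now - timedelta(days=1), ["example.com", "www.example.com"]),
             (now - timedelta(days=3), ["www.example.com", "example.com"])]
    return now, daily + other

if __name__ == "__main__":
    now, records = sample()
    for names, info in duplicate_report(records, now).items():
        print(sorted(names), info)
```

A count that keeps growing by one per day for a certificate that is nowhere near expiry is the signal that the client's renewal logic is misfiring, which is the condition the replies above point to.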

Thanks! I was interpreting the error message wrong. I thought initially that for some odd reason I was requesting 5 different certificates for 1.autobahn.es, 2.autobahn.es, 3.autobahn.es, etc. and not that I was requesting 5 certificates for autobahn.es.

Concerning the change, I believe some kind of firmware update was done at that time which might have caused the issue and I will be submitting a ticket to Sophos for that since it clearly isn't a LetsEncrypt error.

Thanks everyone for pointing me in the right direction!

4 Likes
