Due to my mistake, I requested the certificate too many times, now I have this error: Failed to create order: Error creating new order :: too many certificates already issued for exact set of domains:
I have read the regulation but I did not understand how long I have to wait before regenerating the certificate. Can anyone help me ?
Do you still have any of those certs?
Otherwise, it may be one week since the fifth cert was issued.
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it 
]
Unfortunately no, I always had to recreate the vm
Oh, then you may have to wait...
Until there are less than five that have been issued in the past week.
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
Do you know how long I have to wait that I have not understood correctly?
You created five certs today (with the exact same set of names).
You can only have five such certs issued in a week (7 day period).
You will have to wait one week for that threshold to clear.
OR
You can issue a cert that is NOT for the exact same set of names (in this case the single name).
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it ]
That's not a very considerate way of "consuming" certificates. It costs Let's Encrypt resources to generate a certificate. Heck, it costs Let's Encrypt considerable resources for the next 90 days, because of signed OCSP responses required for every issued certificate.
Just because Let's Encrypt certificates are free for you, it doesn't mean it doesn't cost something, in this case Let's Encrypt. Imagine if thousands other people are thinking like you (with 7 billion people on the world not an unlikely scenario): it would cost Let's Encrypt a lot of resources, just because you're recreating your VM without storing the certificates on a permanent location!
For testing there's the Staging Environment, please use that if you're not ready for production grade services.
I apologize for this mistake, I have been using it for years but it had never happened to me, every time I recreated the machine, I revoke the certificate and thought it was not a problem. However, among the many snapshots I found ubn .p7b valid until January. The problem is that I can not install it on skype4b, I believe because I am missing the primary key. What advice?
But yet, you have much to learn:
If the private key hasn't been compromised, there isn't really much use for revoking the certificate. More so, because the LE certs are valid for just 90 days. So even if an old backup for example would be somehow compromised, if it's older than 90 days, it wouldn't matter, as the cert(s) would have been invalid anyway.
A certificate should always be accompanied with a private key. If you don't have the private key corresponding to the public key inside the certificate, the certificate is useless.
If you don't have any private key in your posession any longer and you can't get a new certificate because of the rate limits, you'll just have to wait. And learn from this experience.
With a little patience I recovered the private key.
You can give me some advice because with this new certificate, erifying the installation of skype4b, microsoft writes me: The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled .:
Thanks Alessandro
Here is a cool tool that could help you get out of this mess:
https://whatsmychaincert.com/generate?include_leaf=1;host=YOUR.SITE.NAME
If not obvious, you will need to replace "YOUR.SITE.NAME" with your sites' name (FQDN).
[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it 
]
We live and learn, my friend. 
We'll always do our best to help you out how we can, Alessandro.
Hi griffi and rg305
With the new certificate I have problems and I can not understand if it is the fault of the new certificate or something on skype4B servers. Can you tell me if it's normal for you to report me microsoft on their Test site
Not enough is shown to know for certain.
It seems that your Windows doesn't like the cert.
Have you done all the "Windows Updates" ?
Also, sometimes, MS is picky about which names are on the SAN and which name is in the CN.
You would have to ask MS if they has any such specific requirements on the cert they use for S4B.
!
Hi @GhezziA
checking your port - https://check-your-website.server-daten.de/?q=sip.eservizi.it%3A5061 - your installed certificate is revoked.
Revoked: The certificate is revoked.
And it sends the intermediate certificate that uses the
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 5336 days
That's good. But it's unknown if the error message happens because your certificate is revoked (so the error message may be not so good).
So: Hitting the limit -> wait, then create one new certificate, then install it.
And check, if the ISRG root is installed.
PS: The warning isn't so really relevant. It's more a client warning. If an older Windows client tries to connect your server, that may fail.
But your server doesn't send the root certificate (that's good), so it's not really a server problem.
It's a warning, not an error.
Hi All
There is a way to check if a certificate has been revoked, because if you install the certificate in the windows store, they are always valid . Is there a way to verify?
Thanks Alessandro
3 posts were split to a new topic: Download certificate without private key
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.