I’m trying to obtain a certificate for the domain
h2763395.stratoserver.net. I ran the command
sudo certbot --nginx -d h2763395.stratoserver.net
on my Ubuntu 16.04 LTS server with nginx version 1.10.3 (Ubuntu) which produced the output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for h2763395.stratoserver.net
Using default address 80 for authentication.
nginx: [warn] conflicting server name “h2763395.stratoserver.net” on 0.0.0.0:80, ignored
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: stratoserver.net: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
After googling a bit, I found this very convenient tool to see the last certificates issued for a certain domain. So I ran
Unfortunately, I can’t post the output here, because each domain name is converted to a link and new users are restricted to 20 links per post. But the upshot is that there is a long list of more than 300 certificates concluding with the information that the rate limit has been reached but would expire on Wednesday 2018-Mar-21 12:41:00 CET.
If I understand this correctly, the statement that I could issue new certificates on Wednesday 2018-Mar-21 12:41:00 CET is because the 20th certificate in the list was issued 7 days (and 61 minutes) before this time.
My problem is the following: Inspecting the output of
lectl I noticed that there are many 7 day windows in which more than 20 certificates were issued, e.g. the last 7 days. I thought that this must be due to renewals also appearing in the list but not contributing to the rate limits, am I right about that? Consistently with this, I observed that the expiration time reported by the
lectl moves further into the future over time.
If this is the case, how can I know when the rate limit will expire the next time? Is there a better way to do this than to periodically send requests and hope for the best?
Or is there something else I’m doing wrong?
I’m really stuck at this and any help would be very much appreciated!