I can't generate my certificat

OsymandiasII · November 8, 2020, 2:33pm

Hello i have trouble creating a certificat. It seems that i have too much certificats but it's the first time that i try to create one.

My domain is: vps804030.ovh.net

I ran this command: sudo ./letsencrypt-auto certonly -d vps804030.ovh.net --manual

It produced this output: An unexpected error occurred:

There were too many requests of a given type :: Error creating new order :: too many certificates already issued for: ovh.net: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): nginx/1.14.1

The operating system my web server runs on is (include version): CentOS Linux 8 (Core)

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know

I know about the limit, but i only ran this command one time, just after installing letsencrypt, that's why i don't understand why i have this error.
Thank you

griffin · November 8, 2020, 2:39pm

Welcome to the Let's Encrypt Community, Malandain

You are seeing this error because ovh.net itself has been rate-limited (as a result of other users' certificates). This is not because of your actions. You will probably want to contact OVH about this.

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com , the registered domain is example.com . In new.blog.example.co.uk , the registered domain is example.co.uk . We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued , possibly with additional details.

If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate . Combined with the above limit, that means you can issue certificates containing up to 5,000 unique subdomains per week. A certificate with multiple names is often called a SAN certificate, or sometimes a UCC certificate. Note: For performance and reliability reasons, it’s better to use fewer names per certificate whenever you can.

OsymandiasII · November 8, 2020, 2:41pm

Thank you for your answer.
I'll try to contact OVH.
Thanks again

griffin · November 8, 2020, 2:44pm

You can also try again tomorrow. Hopefully you can hit a window of time when they haven't gotten so many certificates. In the meantime, try adding --dry-run to your certbot command to test your process. That way, you'll be ready when you try to get a real certificate.

danb35 · November 8, 2020, 2:46pm

I would expect the intended solution to be that you would instead get a cert for your own domain name, rather than for a transient hostname assigned by your VPS host.

griffin · November 8, 2020, 2:49pm

I concur with @danb35. Trying to get certificates for subdomains of a large host can be extremely challenging. Often the host will need to "package" the subdomains into big certificates, which can create privacy issues if the private key for the certificate needs to be handled for unrelated subdomains.