Is there a work around too many attemps. Can you install a previouis certificate from a previous issueer?

Help
#1

I had security issues that I could not get past and many uninstalls and reinstalls. Long story short, it ended up being a setting in our new router. I was not aware that there was a limit. I do now. Is it possible to use a previous certificate from the ones I see from these links. https://www.digicert.com/help/ or https://crt.sh/?q=sapphireinkntoner.com&dir=v&sort=3&group=icaid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sapphireinkntoner.com

I ran this command: Automatically enabled HTTPS via Kinsta.com

It produced this output: ```
The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk. We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued, possibly with additional details.


The operating system my web server runs on is (include version):nginx/1.19.6

My hosting provider, if applicable, is: Kinsta.com

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I am a new user to Kinsta.com and use their tools. Not quite sure.

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):
2 Likes
#2

Welcome to the Let's Encrypt Community, Aline :slightly_smiling_face:

Yes, it is possible to reinstall an existing, unexpired certificate IF you still have the private key for that certificate.

The rate limit you've cited is the wrong one.

The Duplicate Certificate limit of 5 per week is reported with the error message too many certificates already issued for exact set of domains.

A certificate is considered a duplicate if it covers the exact same SANs (in any order) as another certificate.

2 Likes
#3

Hi griffin,

Thanks for the reply. The quote, "When it rains, it pours", was what hit me over the holidays. My laptop broke, a new router, learning curves, and this one is a big one. I do not have copies of my private keys. I've never had issues because it was a simple process my hosting provider did for me. I am now getting more involved and learn one hard lesson at a time. One week without ssl means one week without any orders and that stings. I've spent all morning reading and researching and not any closer to an answer. Is there anything you can suggest as a work around?

3 Likes
#4

I can. :slightly_smiling_face: Just be certain to back up your new certificate and private key.

Add another subdomain onemorecert.sapphireinkntoner.com to your DNS via a CNAME pointing to sapphireinkntoner.com then create a new certificate covering sapphireinkntoner.com, www.sapphireinkntoner.com, and onemorecert.sapphireinkntoner.com.

2 Likes
#5

Before I press that button to generate ssl, I'd like to confirm the steps. Which one should be made primary?

image.png
image.png1319×582 26.6 KB

And I have added CName

image.png
image.png954×257 5.39 KB

2 Likes
#6

Your apex domain name (sapphireinkntoner.com).

2 Likes
#7

Griffin,

Thank you so much for your assistance. Learning as you go by making mistakes is how you learn but sometimes, a little nudge in the right direction makes a huge difference. With that said, one last question please. should I be checking all three or just the sub-domain. I don't want to ruin my chances of being saved. lol

image.png

2 Likes
#8

You need the certificate to cover all three.

Once your certificate has been successfully generated, you should see it when you click the link below.

1 Like
#9

Jonathan, am I allowed to say I will love you forever! lol...Amazing. After 3 agents with my hosting provider and got three different replies and all ended up saying wait 7 days and here you come...It worked.

I'm going to push my luck. You said to make a copy of the certificate ID so I want to make sure I do that. Where would I find that?

Aline Duchesne

Sapphire Ink N Toner
647-932-6497

888-380-5538
sapphire@sapphireinkntoner.com

www.sapphireinkntoner.com

Premium Inks, Toners, & Drums
A cost effective alternative to overpriced OEM Products

If you no longer wish to receive emails from Sapphire Ink N Toner, Unsubscribe.

3 Likes
#10

Johathan, that did not fix the issue. Both http and https show as Not Secure. I must be missing something. My hosting agent says that it does not matter because I cannot get an ssl certificate for 7 days for the https or http to work as secure.

Yes, I am a little over my depth.

2 Likes
#11

Better think again. :wink:

Screenshot_20210119-183134_Samsung Internet
Screenshot_20210119-183134_Samsung Internet1440×2722 385 KB

Screenshot_20210119-183123_Samsung Internet
Screenshot_20210119-183123_Samsung Internet1440×2722 322 KB
Screenshot_20210119-183017_Samsung Internet
Screenshot_20210119-183017_Samsung Internet1440×2722 252 KB

1 Like
#12

Ignore last email Jonathan. It all works now. Must have been that I had to wait for a few minutes. I'm not very patient.

Thank you very much for your assistance.

2 Likes
#13

The problem is that you don't have an http to https 301 (permanent) redirect in place.

This is fine:

https://www.sapphireinkntoner.com
301 Moved Permanently
https://sapphireinkntoner.com/
200 OK

This:

http://www.sapphireinkntoner.com
301 Moved Permanently
http://sapphireinkntoner.com/
200 OK

should be this:

http://www.sapphireinkntoner.com
301 Moved Permanently
https://sapphireinkntoner.com/
200 OK

This:

http://sapphireinkntoner.com
200 OK

should be this:

http://sapphireinkntoner.com
301 Moved Permanently
https://sapphireinkntoner.com/
200 OK

I noticed that WordPress appears to be handling your redirects. This is not per se the most efficient way, but it is very easy.

  1. Go to Settings >> General
  2. Look for WordPress Address (URL) and Site Address (URL)
  3. Set both to https://sapphireinkntoner.com

Here are other ways:

2 Likes
#14

Your webserver probably hadn't completely reloaded yet, which is always necessary when installing a new certificate. You can instigate this yourself by running:

nginx -s reload

2 Likes
#15

I have downloaded a copy from my ftp files and changed my rul's in wordpress. and all should be good now. (cross my fingers)

Aline Duchesne

Sapphire Ink N Toner
647-932-6497

888-380-5538
sapphire@sapphireinkntoner.com

www.sapphireinkntoner.com

Premium Inks, Toners, & Drums
A cost effective alternative to overpriced OEM Products

If you no longer wish to receive emails from Sapphire Ink N Toner, Unsubscribe.

2 Likes
#16

I can confirm that your redirects are indeed correct now. You're good to go. :blush:

You can remove the onemorecert CNAME now and change your certificate configuration before you renew your certificate to not include onemorecert.

2 Likes
#17

You have been a tremendous help Jonathan. I may just leave things as they are for a week or so. As you can see I am not an expert. I would hate to make an error and have to start again. I will come back in a week so if I do, I can generate another.

Thank you.

3 Likes
#18

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.