Let me know how I open a bug against the LetsEncrypt CA

Relates to the problem of trying to fall back from a wildcard cert to a simple cert, which is currently impossible, as this triggers a rate limit error of too many certificates already issued for exact set of domains... which is wrong...

This results in certs which can never be renewed, if the wildcard cert becomes corrupt or the wildcard client begins failing.

https://community.letsencrypt.org/t/changing-from-wildcard-cert-to-simple-cert-triggers-rate-limit-failure/143237 provides more discussion about this problem.

Where do you believe the bug is? As shown in that thread, you successfully issued five certs without the wildcard, and have apparently deleted them. That's your problem, not certbot's problem, and certainly not the CA's problem.

6 Likes

  • Bugs in the Let's Encrypt CA software "Boulder" can be filed on the Boulder GitHub repository
  • Bugs in the EFF ACME client "certbot" can be filed on the certbot GitHub repository
  • General Let's Encrypt issues not pertaining to Boulder nor certbot can be discussed here on the Community.

That said, I concur with @danb35: currently I don't have any reason to believe there is a bug in either Boulder or certbot.

3 Likes

@davidfavor

I feel like I'm late to the party, but I'm really trying to understand what you're seeing here, David.

From your certificate history:

in one day you successfully acquired these five certificates covering davidfavor.com and www.davidfavor.com:





which triggered the rate limit of 5 certificates covering the exact same SANs within any 7-day period.

Two days later, you successfully acquired a certificate covering davidfavor.com and *.davidfavor.com:

  • Are you saying that at this point you attempted to acquire another certificate covering davidfavor.com and *.davidfavor.com and were given the message too many certificates already issued for exact set of domains?

  • Could you possibly have accidentally tried to acquire another certificate covering davidfavor.com and www.davidfavor.com instead?

2 Likes
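
The duplicate-certificate limit discussed in this thread (5 certificates for the exact same set of names within any 7-day period), modelled as an added example that is not part of the original posts and is not Boulder's or certbot's code. The function names, the `example.com` names and the timestamps are constructed for illustration; the limit and window are the values stated in the thread.

```python
from datetime import datetime, timedelta, timezone

LIMIT = 5                    # per the thread: 5 certificates per exact SAN set
WINDOW = timedelta(days=7)   # "within any 7-day period" (sliding window)

def san_key(names):
    """Identity of a certificate for this limit: its exact set of names.
    Order, case and a trailing dot do not matter; a wildcard is its own name."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def check_duplicate_limit(history, names, now):
    """Return (allowed, retry_at) for requesting `names` at time `now`.
    history: iterable of (issued_at, names) for certificates already issued."""
    key = san_key(names)
    recent = sorted(t for t, issued in history
                    if san_key(issued) == key and now - WINDOW < t <= now)
    if len(recent) < LIMIT:
        return True, None
    # A slot frees up when the LIMIT-th most recent issuance leaves the window.
    return False, recent[-LIMIT] + WINDOW

# Constructed history mirroring the thread: five certificates for the
# apex + www pair in one day, then one apex + wildcard certificate two days later.
T0 = datetime(2021, 1, 10, 9, 0, tzinfo=timezone.utc)
HISTORY = [(T0 + timedelta(hours=h), ["example.com", "www.example.com"])
           for h in range(5)]
HISTORY.append((T0 + timedelta(days=2), ["example.com", "*.example.com"]))

if __name__ == "__main__":
    now = T0 + timedelta(days=2, hours=1)
    for names in (["www.example.com", "example.com"],
                  ["example.com", "*.example.com"]):
        allowed, retry_at = check_duplicate_limit(HISTORY, names, now)
        print(sorted(san_key(names)), "allowed" if allowed else f"blocked until {retry_at}")
```

Run against an account's real issuance history (for example from Certificate Transparency logs), this shows which exact name set is exhausted and when the next request for it can succeed, which is the distinction the replies above are drawing between the wildcard set and the apex + www set.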
