Lost access to old hosting server

UBIShares · November 3, 2020, 6:01pm

Hello Team,
For resolution of the following error:

Failed to create order: Error creating new order :: too many certificates already issued for exact set of domains: ubishares.com,www.ubishares.com: see https://letsencrypt.org/docs/rate-limits/

 One of our team member have accidentally deleted the hosting server and all its file. Now we want to create new certificate but we have reached to our rate limit. I would like to get help with one of the following

Either please do increase our rate limit
Remove all old certificates as we dont have access to those keys anymore since the email associated with it.

Thanks

JuergenAuer · November 3, 2020, 6:01pm

Hi @UBIShares

please read the link shared in the error message.

Then you will see. Both isn't possible.

Creating and deleting too much certificates is a waste of resources -> then you have to wait.

Osiris · November 3, 2020, 6:48pm

That's not possible.

What is there to remove? Certificates are published in Certificate Logs (CT) and can be found by anyone at CT aggregators such as crt.sh. Even if Let's Encrypt would remove their copy of the certificate (and I assume they only keep a certificate for a small amount of time), it wouldn't do you any good.
Also, I don't understand the "email associated with it" part at all.

But for the resolution of your issue:

Recover the certificate from a recent backup of your hosting server.

I assume you do have backups, right? If not, you're now finding out the hard way that you should have made backups.

Note: I find your demanding attitude quite uneasy.

rg305 · November 3, 2020, 8:47pm

If I understand your problem correctly.

A fully functional server was deleted (perhaps by accident) and now can't be restored
You have attempted to replace this servers' functionality from scratch and since ran into a problem while testing the new certbot setup (and probably still don't have it "working correctly")

You need to stop and think (and perhaps review your documentation and backup/restore procedures).
And understand that the reason your certbot access has been limited by LE is that you are using their production system for testing.

You need to use the LE testing system for testing

Once all LE tests have been passed, then you move to LE production system.

Rip · November 3, 2020, 8:57pm

Backups are extremely important.

Osiris · November 3, 2020, 9:07pm

@Rip Thankfully, The Way Back Machine can't backup private keys @UBIShares would still need their private backup for that

Rip · November 3, 2020, 9:15pm

Absolutely. No doubt about it. I may have over-read the thread... I'm not certain @UBIShares acknowledged the existence of a backup of any kind.
Might be time for a "ground up" overhaul.

Osiris · November 3, 2020, 9:20pm

Oh, I'm sure @UBIShares did not acknowledge the existance of such a backup, but that doesn't mean there isn't one.

Using the Way Back Machine is a good suggestion for front-end content indeed though. Unfortunately, not for back-end content such as scripts and/or private keys

webprofusion · November 4, 2020, 8:10am

For what it's worth, a technique to get a cert (in an emergency) when you've hit your rate limit on the exact set of domains is to simply add another domain you can also complete validation for (e.g. point xyz.ubishares.com at your server and also add that to your cert).