Lost certificates and cannot request more due to limit


First i’ll start out informing that for security reason I’m not allowed to share the domain names in this topic.
I’ll be referring to the two names used as DNS1 and DNS2.

I have recently started to try out letsencrypt making a full deployment of Elasticsearch Stack inside AWS using terraform and Ansible scripts.
In order to secure my connections I creates/requests certificates using certbot command to my NGINX

sudo certbot --nginx --agree-to --no-eff-email --redirect --register-unsafely-without-email -d ,

I get this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: ,: see https://letsencrypt.org/docs/rate-limits/

I have retrieved the PEM-file from crt.sh and tried to revoke the certs

sudo certbot revoke --cert-path /*************.crt

I get this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
The client lacks sufficient authorization :: The key ID specified in the revocation request does not hold valid authorizations for all names in the certificate to be revoked
Please see the logfiles in /var/log/letsencrypt for more details.

Currently using:
certbot 0.31.0

As I have been applying and destroying using terraform a bounch of times I didnt pay attention to actually doing a revoke beforehand.

Anyone able to point me in right direction for what needs to be done to get all the certificate revoked ?
Any help is appriciated.

1 Like

Hi @dhl80

looks like you didn’t read that link:

Revoking certificates does not reset rate limits , because the resources used to issue those certificates have already been consumed.

1 Like

Thanks for your reply.

Yes I did read that part however I didn’t notice that weekly limit is 10 and not 50 as described on the page.

But thanks again

1 Like

You’re reading the wrong part of that page. There’s one limit of 50 certs/domain/week. There’s a separate limit of 5 identical certs/week, and that’s the one you’ve hit. Wait for a week from the time the first cert was issued and you’ll be able to issue a new one. In the meantime, use the testing environment for testing (that’s what it’s there for).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.