No new certificats available

lc625 · May 18, 2026, 6:31pm

Hello,

I have recently run into an issue when creating SSL certificates through NGINX Proxy Manager.

For months, my existing setup consisting of an NPM container and Let's Encrypt certificates has been working without any problems. A few days ago, however, I tried to create a new certificate for an additional application. Since then, I keep getting the same error message, which claims that too many certificates have already been issued for the domain “home64.de”:

An unexpected error occurred:

"too many certificates (1000) already issued for "home64.de" in the last 168h0m0s, retry after 2026-05-18 10:42:26 UTC"

However, I find it hard to believe that the issue is not caused by something on my side. Because of that, I have already tried several things:

Waited for the suggested retry intervals before trying again
Verified that the container has working internet connectivity
Confirmed that nothing in the previously working setup has been changed
Deleted all specific certificates (e.g. “exactthis.domain.home64.de”)
Tried using only a wildcard certificate instead

Unfortunately, the exact same error also appears when requesting the wildcard certificate.

Additionally, Certbot confirms that there are currently no certificates present anymore.

I would really appreciate it if someone could point me in the right direction or help me troubleshoot this issue. Thanks in advance!

My domain is: home64.de

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): debian 7, i.e. open media vault

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NGINX proxy manager

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

MikeMcQ · May 18, 2026, 6:56pm

That domain is shared by many people. The 1000 in the error message indicates how many were issued in the past week. My log search shows a total of over 140,000 but many of those are renewals which don't count for that particular rate limit.

That domain should probably be in the public suffix list but that has to be done by the registered domain owner.

They must have asked for a rate limit from Let's Encrypt because the default is ~~5 identical~~ 50 new certs per week per registered domain - not 1,000.

linkp · May 18, 2026, 6:56pm

The domain home64.de is not listed on the Public Suffix List, so if that is not your domain, but it is a shared domain that allocates individual subdomains to different users, that is going to account for the problem.

The rate limits will apply across home64.de which means the ability of subdomain holders to obtain Let's Encrypt certificates will be severely impacted. You may want to get your domain that you dont share with other unrelated parties.

lc625 · May 18, 2026, 7:15pm

Thank you very much for the quick and comprehensive response. In that case, I could probably search for a solution on my end forever. I will forward this information to the owner of the domain. Thanks again.

danb35 · May 18, 2026, 7:35pm

The relevant limit would be 50 certs/domain/week, not the "5 identical cert" limit--but in either case, 1000 far exceeds it, so I'd agree that indicates an exception had been granted.

MikeMcQ · May 18, 2026, 7:38pm

Oh, right. Thanks. 5 is the limit for identical certs but 50 is how many new certs for a registered domain (here). I updated my post.

orangepizza · May 19, 2026, 3:57am

I think they have ratelimit override to 1000, but it already reached.

github.com/letsencrypt/boulder

ratelimits/limiter.go

04140d07e


      
          
          	case CertificatesPerDomain, CertificatesPerDomainPerAccount:
          		// Uses bucket key 'enum:domainOrCIDR' or 'enum:regId:domainOrCIDR' respectively.
          		idx := strings.LastIndex(d.transaction.bucketKey, ":")
          		if idx == -1 {
          			return berrors.InternalServerError("unrecognized bucket key while generating error")
          		}
          		domainOrCIDR := d.transaction.bucketKey[idx+1:]
          		return berrors.CertificatesPerDomainError(
          			retryAfter,
          			"too many certificates (%d) already issued for %q in the last %s, retry after %s",
          			d.transaction.limit.Burst,
          			domainOrCIDR,
          			d.transaction.limit.Period.Duration,
          			retryAfterTs,
          		)
          
          	case CertificatesPerFQDNSet:
          		return berrors.CertificatesPerFQDNSetError(
          			retryAfter,
          			"too many certificates (%d) already issued for this exact set of identifiers in the last %s, retry after %s",

@IPv64 it looks like older ratelimit override filled, you may need to ask for bigger overide or make it as public suffix.

Topic		Replies	Views
Error creating new order :: too many certificates already issued for "us.to" Help	2	518	February 8, 2024
Error creating new order :: Too many certificates already issued for exact set of domains Help	7	8246	February 11, 2020
Issues creating certificates Help	2	627	May 7, 2022
Too many certificates Help	2	562	August 1, 2019
Error creating new order too many certificates already issued for Help	2	1538	March 24, 2022

No new certificats available

Related topics