Plesk - cert doesnt renew, too many certificates already issued, (3 certs)

  • domain -
  • command line: no command line, it’s a Plesk interface, certbot isn’t installed
  • output: Error: Let’s Encrypt SSL certificate installation failed: Invalid response from Error creating new cert :: too many certificates already issued for exact set of domains: Type: urn:acme:error:rateLimited.
  • OS and server: Centos6, Plesk 12.5.3 , NGINX on the primary, Apache on the subdomains.
  • VPS

The domain had 3 certs on it, the domain itself, and two subdomains (dev.pheriche and sharedfiles.pheriche) (now removed).

The certs were installed around December 2016 and worked fine since then, but now I’ve got this error and no real clues on how to resolve it. Can anyone give me an idea what’s going wrong.
I wouldn’t have thought 3 certs on a domain was too many, and looking for solutions in /usr/local/psa/var/modules/letsencrypt/etc/renewal I only see those 3 certs and one other for another domain. So, again, not really " too many certificates"


Hi @steve-pher,

No, 3 certs on a domain are not too much, 3 domains on the same cert are also not too much. The "too much certificates" error is because you have issued 5 certificates for the exact same subset of domains in last 7 days. You can check the rate limits for Let's Encrypt here Rate Limits - Let's Encrypt

I'm quoting the part that is affecting you:

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [,], you could request four more certificates for [,] during the week. If you changed the set of names by adding [], you would be able to request additional certificates.

And yes, you are issuing certificates but seems your Plesk is not using them:

CRT ID     DOMAIN (CN)               VALID FROM              VALID TO                EXPIRES IN  SANs
130074924              2017-Apr-28 01:01 CEST  2017-Jul-27 01:01 CEST  89 days
128946304              2017-Apr-26 01:01 CEST  2017-Jul-25 01:01 CEST  87 days
128171194              2017-Apr-25 01:01 CEST  2017-Jul-24 01:01 CEST  86 days
127193263              2017-Apr-24 01:01 CEST  2017-Jul-23 01:01 CEST  85 days
126541639              2017-Apr-23 01:01 CEST  2017-Jul-22 01:01 CEST  84 days
125663690              2017-Apr-22 01:01 CEST  2017-Jul-21 01:01 CEST  83 days
124804720              2017-Apr-21 01:01 CEST  2017-Jul-20 01:01 CEST  82 days
122676470              2017-Apr-18 12:59 CEST  2017-Jul-17 12:59 CEST  79 days
122350392              2017-Apr-18 01:01 CEST  2017-Jul-17 01:01 CEST  79 days
121456861              2017-Apr-17 01:01 CEST  2017-Jul-16 01:01 CEST  78 days
120559263              2017-Apr-16 01:01 CEST  2017-Jul-15 01:01 CEST  77 days
119663826              2017-Apr-15 01:01 CEST  2017-Jul-14 01:01 CEST  76 days
118792978              2017-Apr-14 01:01 CEST  2017-Jul-13 01:01 CEST  75 days
109527111  2017-Mar-28 01:02 CEST  2017-Jun-26 01:02 CEST  58 days
109526890          2017-Mar-28 01:01 CEST  2017-Jun-26 01:01 CEST  58 days
97521007  2017-Feb-28 01:01 CET   2017-May-29 02:01 CEST  30 days
97520900          2017-Feb-28 01:01 CET   2017-May-29 02:01 CEST  30 days
92885983          2017-Feb-15 15:28 CET   2017-May-16 16:28 CEST  17 days

I'm not using Plesk and don't know how it works so I can't help you with that but you should review your Plesk conf.

Good luck,

1 Like

I came here to post an identical issue, also using Plesk on CentOS6. It started on 2nd of May. I too am baffled because I only have 2 subdomains on each domain that required a renewal on 2nd May (so a total of 6 certs across 2 domains). The other 2 or 3 domains I use Let’s Encrypt certs on weren’t due for renewal until around June.

I’ve contacted Plesk support who don’t seem to know what’s going on.

Did you get any further with this? I’m seeing the exact same errors (“too many certs for exact set of domains”) in my panel.log.

Is it possible this is a repeat of the issue last May where new certs were being generated as opposed to renewals?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.