OS and server: Centos6, Plesk 12.5.3 , NGINX on the primary, Apache on the subdomains.
The domain had 3 certs on it, the domain itself, and two subdomains (dev.pheriche and sharedfiles.pheriche) (now removed).
The certs were installed around December 2016 and worked fine since then, but now I’ve got this error and no real clues on how to resolve it. Can anyone give me an idea what’s going wrong.
I wouldn’t have thought 3 certs on a domain was too many, and looking for solutions in /usr/local/psa/var/modules/letsencrypt/etc/renewal I only see those 3 certs and one other for another domain. So, again, not really " too many certificates"
No, 3 certs on a domain are not too much, 3 domains on the same cert are also not too much. The "too much certificates" error is because you have issued 5 certificates for the exact same subset of domains in last 7 days. You can check the rate limits for Let's Encrypt here Rate Limits - Let's Encrypt
I'm quoting the part that is affecting you:
We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.
And yes, you are issuing certificates but seems your Plesk is not using them:
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
130074924 pheriche.com 2017-Apr-28 01:01 CEST 2017-Jul-27 01:01 CEST 89 days pheriche.com
128946304 pheriche.com 2017-Apr-26 01:01 CEST 2017-Jul-25 01:01 CEST 87 days pheriche.com
128171194 pheriche.com 2017-Apr-25 01:01 CEST 2017-Jul-24 01:01 CEST 86 days pheriche.com
127193263 pheriche.com 2017-Apr-24 01:01 CEST 2017-Jul-23 01:01 CEST 85 days pheriche.com
126541639 pheriche.com 2017-Apr-23 01:01 CEST 2017-Jul-22 01:01 CEST 84 days pheriche.com
125663690 pheriche.com 2017-Apr-22 01:01 CEST 2017-Jul-21 01:01 CEST 83 days pheriche.com
124804720 pheriche.com 2017-Apr-21 01:01 CEST 2017-Jul-20 01:01 CEST 82 days pheriche.com
122676470 pheriche.com 2017-Apr-18 12:59 CEST 2017-Jul-17 12:59 CEST 79 days pheriche.com
122350392 pheriche.com 2017-Apr-18 01:01 CEST 2017-Jul-17 01:01 CEST 79 days pheriche.com
121456861 pheriche.com 2017-Apr-17 01:01 CEST 2017-Jul-16 01:01 CEST 78 days pheriche.com
120559263 pheriche.com 2017-Apr-16 01:01 CEST 2017-Jul-15 01:01 CEST 77 days pheriche.com
119663826 pheriche.com 2017-Apr-15 01:01 CEST 2017-Jul-14 01:01 CEST 76 days pheriche.com
118792978 pheriche.com 2017-Apr-14 01:01 CEST 2017-Jul-13 01:01 CEST 75 days pheriche.com
109527111 sharedfiles.pheriche.com 2017-Mar-28 01:02 CEST 2017-Jun-26 01:02 CEST 58 days sharedfiles.pheriche.com
109526890 dev.pheriche.com 2017-Mar-28 01:01 CEST 2017-Jun-26 01:01 CEST 58 days dev.pheriche.com
97521007 sharedfiles.pheriche.com 2017-Feb-28 01:01 CET 2017-May-29 02:01 CEST 30 days sharedfiles.pheriche.com
97520900 dev.pheriche.com 2017-Feb-28 01:01 CET 2017-May-29 02:01 CEST 30 days dev.pheriche.com
92885983 dev.pheriche.com 2017-Feb-15 15:28 CET 2017-May-16 16:28 CEST 17 days dev.pheriche.com
I'm not using Plesk and don't know how it works so I can't help you with that but you should review your Plesk conf.
I came here to post an identical issue, also using Plesk on CentOS6. It started on 2nd of May. I too am baffled because I only have 2 subdomains on each domain that required a renewal on 2nd May (so a total of 6 certs across 2 domains). The other 2 or 3 domains I use Let’s Encrypt certs on weren’t due for renewal until around June.
I’ve contacted Plesk support who don’t seem to know what’s going on.
Did you get any further with this? I’m seeing the exact same errors (“too many certs for exact set of domains”) in my panel.log.
Is it possible this is a repeat of the issue last May where new certs were being generated as opposed to renewals?