Problem creating new certificates for domain.tld

frkca · May 2, 2017, 2:03pm

Hello,

we’ve recently renewed 32 certificates for a subdomains of livebox.sk without any problems. The problem we have now is that sounds like these were not counted as renewals and we are hitting the rate limits for this particular domain. each and every request for issuing a new cert for subdomain fails with below error. We are using the official certbot-auto script and never had any issues with other domains. All renewed via bultin http-01 challnege with custom pre&post hooks that make sure port 80 is usable for the challenge.

certbot-auto renew -q --no-self-upgrade # (currently running 0.11.1)

There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: livebox.sk

From the debug log:
HTTP 429
Server: nginx
Content-Type: application/problem+json
Content-Length: 154
Boulder-Request-Id: …
Boulder-Requester: 7609602
Replay-Nonce: …
Expires: Tue, 02 May 2017 12:11:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 12:11:40 GMT
Connection: close
{
“type”: “urn:acme:error:rateLimited”,
“detail”: “Error creating new cert :: too many certificates already issued for: livebox.sk”,
“status”: 429
}

sahsanu · May 2, 2017, 3:10pm

Hi @frkca,

Indeed, a renewal count as a "new certificate" for the 20 certs per week rate limit but as renewals are always allowed you should consider issue new certificates first and then renew your certs as they always will be issued.

I think the rate-limits page Rate Limits - Let's Encrypt should be re-worded to show this behaviour on renewal procedure.

You have several topics where more people have the same issue and some tips to avoid to reach this limit
:

Cheers,
sahsanu

system · June 1, 2017, 3:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.