Rate limit change?

My domain is: rhdemo.io

I ran this command:

shell: /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d {{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} --noninteractive --agree-tos

It produced this output:
Obtaining a new certificate

An unexpected error occurred: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for: rhdemo.io: see https://letsencrypt.org/docs/rate-limits/ Please see the logfiles in /var/log/letsencrypt for more details. stderr_lines: stdout: ’

https://dashboard.zuul.ansible.com/t/ansible/build/e19355a389e64ecd85bd3ce954e22cd4/console

My web server is (include version): RHEL 8.2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): I can login

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Will provide in a future update, typing from phone

Hi @IPvSean

Checking your domain via "rhdemo.io - Make your website better - DNS, redirects, mixed content, certificates", there are no active certificates visible. The tool ignores certificates that are too old. Checked with crt.sh and Google: there are some older certificates, but no active certificates.

Looks like a wrong error message.

The same when checking the domain name from your log - student2-code.tqe-gating-dibnshmi.rhdemo.io - it looks like that client is buggy.

So… what am I doing wrong… this has been working flawlessly for weeks where I spin up a new RHEL8 instance on AWS and issue him a cert:

- name: Download and install certbot
  get_url:
    url: https://dl.eff.org/certbot-auto
    dest: /usr/local/bin/certbot-auto
    mode: '0755'
    owner: "root"

- name: issue cert
  shell: /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d {{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} --email fake@redhat.com --noninteractive --agree-tos
  register: issue_cert
  until: issue_cert is not failed
  retries: 5
  ignore_errors: true

which is literally just running the shell command

 /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d student1-code.tqe-gating-dibnshmi.rhdemo.io --email fake@redhat.com --noninteractive --agree-tos

which is documented here: https://certbot.eff.org/lets-encrypt/centosrhel8-other which I just turned into ansible commands above. I feel like some random ratelimit rule is hitting us

Without certificates there is only the failed validation rate limit.

Maybe the client uses a (wrong) predefined error message.

Run that command

 /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d student1-code.tqe-gating-dibnshmi.rhdemo.io --email fake@redhat.com --noninteractive --agree-tos

manually, then you should have the complete (and correct) log.

PS: Remove --noninteractive, perhaps that hides some problems.

of course now it works…

   /etc/letsencrypt/live/student1-code.boinc-test.rhdemo.io/fullchain.pem
   Your key file has been saved at:

I spin up ephemeral RHEL8 instances, so the server that had the issue is already destroyed b/c of the failure…

Then it looks like this

too many certificates already issued for

error message is not from Let's Encrypt. Instead, it's a predefined error message of that client.

If you had hit that limit, you wouldn't be able to create the same certificate again.

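Added example, not part of the thread and not certbot or Let's Encrypt code: the workflow above requests a certificate for a new hostname under one registered domain on every ephemeral instance, so this sketch counts distinct Let's Encrypt certificates in a trailing seven-day window from crt.sh-style rows and reports when the count next drops below the limit. The limit of 50 per week, the crt.sh field names, the use of `not_before` as issuance time and the `example.org` sample rows are assumptions; renewal exemptions are not modelled.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=7)
LIMIT = 50  # assumed weekly per-registered-domain limit; confirm on the rate-limits page

def _in_domain(name, domain):
    name = name.strip().lower()
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def window_status(entries, domain, now, limit=LIMIT):
    """Return (count, free_at): certificates under `domain` in the trailing window,
    and when the count next drops below `limit` (None if it is already below)."""
    domain = domain.lower()
    issued = {}  # serial -> time; a precertificate and its leaf share one serial
    for e in entries:
        if "Let's Encrypt" not in e["issuer_name"]:
            continue
        if not any(_in_domain(n, domain) for n in e["name_value"].split("\n")):
            continue
        # not_before approximates issuance time (assumption; treated as UTC)
        t = datetime.fromisoformat(e["not_before"]).replace(tzinfo=timezone.utc)
        issued.setdefault(e["serial_number"], t)
    recent = sorted(t for t in issued.values() if now - WINDOW < t <= now)
    count = len(recent)
    free_at = recent[count - limit] + WINDOW if count >= limit else None
    return count, free_at

def sample_entries(now):
    """Constructed rows shaped like crt.sh JSON output; not real CT log data."""
    def row(issuer, name, serial, age):
        return {"issuer_name": issuer, "name_value": name, "serial_number": serial,
                "not_before": (now - age).strftime("%Y-%m-%dT%H:%M:%S")}
    le = "C=US, O=Let's Encrypt, CN=Example Issuing CA"
    rows = []
    for i in range(50):  # one ephemeral workshop host every three hours
        r = row(le, f"student{i}-code.lab{i % 5}.example.org", f"{i:04x}",
                timedelta(hours=3 * i + 1))
        rows += [r, dict(r)]  # precertificate entry plus leaf entry
    rows.append(row(le, "old.example.org", "ffff", timedelta(days=10)))
    rows.append(row("C=US, O=Other CA", "www.example.org", "eeee", timedelta(days=1)))
    return rows

if __name__ == "__main__":
    now = datetime(2020, 7, 15, 12, 0, tzinfo=timezone.utc)
    print(window_status(sample_entries(now), "example.org", now))
```

Because the window slides, a request that is refused at one moment can succeed later without any change on the client side, once the oldest counted certificate ages out.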