Rate limit change?

My domain is: rhdemo.io

I ran this command:

shell: /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d {{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} --noninteractive --agree-tos

It produced this output:
Obtaining a new certificate

An unexpected error occurred: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for: rhdemo.io: see https://letsencrypt.org/docs/rate-limits/ Please see the logfiles in /var/log/letsencrypt for more details. stderr_lines: stdout: ’

https://dashboard.zuul.ansible.com/t/ansible/build/e19355a389e64ecd85bd3ce954e22cd4/console

My web server is (include version): RHEL 8.2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): I can login

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Will provide in a future update, typing from phone

1 Like

Hi @IPvSean

Checking your domain via https://check-your-website.server-daten.de/?q=rhdemo.io#ct-logs there are no active certificates visible. The tool ignores certificates that are too old. Checked with crt.sh and Google; there are some older certificates, but no active certificates.

Looks like a wrong error message.

Same when checking the domain name from your log - student2-code.tqe-gating-dibnshmi.rhdemo.io - it looks like that client is buggy.

2 Likes

So… what am I doing wrong… this has been working flawlessly for weeks where I spin up a new RHEL8 instance on AWS and issue him a cert:

- name: Download and install certbot
  get_url:
    url: https://dl.eff.org/certbot-auto
    dest: /usr/local/bin/certbot-auto
    mode: '0755'
    owner: "root"

- name: issue cert
  shell: /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d {{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} --email fake@redhat.com --noninteractive --agree-tos
  register: issue_cert
  until: issue_cert is not failed
  retries: 5
  ignore_errors: true

which is literally just running the shell command

 /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d student1-code.tqe-gating-dibnshmi.rhdemo.io --email fake@redhat.com --noninteractive --agree-tos

which is documented here: https://certbot.eff.org/lets-encrypt/centosrhel8-other which I just turned into Ansible commands above. I feel like some random rate limit rule is hitting us

1 Like
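An added example, not part of any post in this thread: a small Python classifier that a playbook wrapper could run over certbot's output to tell the rate-limit message quoted in the first post apart from other failures, instead of retrying every failure five times as the `issue cert` task does. The function name, the returned fields, the second sample line and the policy of not retrying a rate-limit failure are assumptions made for this example.

```python
import re

# Sample input: the error text quoted in the first post, embedded as a string.
SAMPLE_RATE_LIMIT = (
    "Obtaining a new certificate\n"
    "An unexpected error occurred: There were too many requests of a given type :: "
    "Error creating new order :: too many certificates already issued for: "
    "rhdemo.io: see https://letsencrypt.org/docs/rate-limits/ "
    "Please see the logfiles in /var/log/letsencrypt for more details.\n"
)
# Constructed sample of an unrelated failure, for contrast (not from the thread).
SAMPLE_OTHER = "An unexpected error occurred: example failure that is not a rate limit\n"

_PREFIX = "An unexpected error occurred:"
# Captures the name the certificate count is reported against ("rhdemo.io" above).
_DOMAIN_RE = re.compile(r"too many certificates already issued for: ([A-Za-z0-9.-]+?):")


def classify_certbot_error(output):
    """Classify certbot output (hypothetical helper).

    Returns a dict with:
      kind   - 'rate_limit', 'other', or 'none' when no error line is present
      parts  - the ' :: '-separated segments of the error message
      domain - the name in a 'too many certificates' message, else None
      retry  - assumed policy: repeat the task only for non-rate-limit errors
    """
    line = next((l for l in output.splitlines() if _PREFIX in l), None)
    if line is None:
        return {"kind": "none", "parts": [], "domain": None, "retry": False}
    message = line.split(_PREFIX, 1)[1].strip()
    parts = [p.strip() for p in message.split(" :: ")]
    match = _DOMAIN_RE.search(message)
    if match or "too many" in parts[0].lower():
        domain = match.group(1) if match else None
        return {"kind": "rate_limit", "parts": parts, "domain": domain, "retry": False}
    return {"kind": "other", "parts": parts, "domain": None, "retry": True}


if __name__ == "__main__":
    for sample in (SAMPLE_RATE_LIMIT, SAMPLE_OTHER):
        result = classify_certbot_error(sample)
        print(result["kind"], result["domain"], "retry" if result["retry"] else "stop")
```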

Without certificates there is only the failed validation rate limit.

Maybe the client uses a (wrong) predefined error message.

Run that command

 /usr/local/bin/certbot-auto certonly --no-bootstrap --standalone -d student1-code.tqe-gating-dibnshmi.rhdemo.io --email fake@redhat.com --noninteractive --agree-tos

manually, then you should have the complete (and correct) log.

PS: Remove --noninteractive, perhaps that hides some problems.

2 Likes

of course now it works…

   /etc/letsencrypt/live/student1-code.boinc-test.rhdemo.io/fullchain.pem
   Your key file has been saved at:

I spin up ephemeral RHEL8 instances, so the server that had the issue is already destroyed b/c of the failure…

1 Like

Then it looks like this

too many certificates already issued for

error message is not from Let's Encrypt. Instead, it’s a predefined error message of that client.

If you had hit that limit, you wouldn’t be able to create the same certificate again.

2 Likes
