Rate limit reached error, but not really reached

Help
1

I’m trying to renew a cert that but am only getting a “Rate limit exceeded error”. I’m not sure why, the last attempt to generate a cert for this domain was Aug 9. - https://crt.sh/?q=%virtutravel.com

It even looks like (according to crt.sh) that attempt was successful and that the cert is valid until November, but whatever certbot dropped on the server is saying it’s expired.

I’m not sure how to proceed - I’d either like to recreate the files for the existing cert, if it’s good, or create a new cert somehow.

Any help is appreciated!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: stories.virtutravel.com

I ran this command:
certbot-auto certonly --noninteractive --config /etc/letsencrypt/cli.ini -d stories.virtutravel.com

It produced this output:
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: stories.virtutravel.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
CentOS 7 - Linux version 3.10.0-327.18.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) )

The operating system my web server runs on is (include version):

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

2

Let’s Debug shows it to be OK:
https://letsdebug.net/stories.virtutravel.com/4038

Please show:
cerbot-auto certificates

3

Hi,

You've hit the Duplicate Certificate limit of 5 certificates per week.

crt.sh now always have some issues... so you might want to take a look at other ct tools...
Search on https://www.entrust.com/ct-search/ will show you that you generated some certificate recently for this hostname...

image
image3598×575 246 KB

which might be the issue... (there might be one certificate missing since there are total of 4 certs in 7 days...)

You do not want to use this command to renew... The correct renewal command should be ./certbot-auto renew.
This command will always request new certificates (instead of checking the existing certificate on the system & renew when it's appropriate.) This also explains why you hit the rate limit....:wink:

P.S. Now, run ./certbot-auto renew should able to get you a renewed certificate (Don't forget to restart your web server), please also change the command executed on cron job...

Thank you

4

Thanks for the help! So I get this when I run ./certbot-auto renew

Processing /etc/letsencrypt/renewal/stories.virtutravel.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found a new cert /archive/ that was not linked to in /live/; fixing...
Cert not yet due for renewal