Rate limited without requests


I have a strange issue. My certificate expired and when requesting a new one I was rate limited:

# certbot renew --cert-name mail.hallinet.se

Failed to renew certificate mail.hallinet.se with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: mail.hallinet.se, retry after 2023-11-07T00:47:37Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

This is the first time requesting a renewal for that specific domain. I only have one certificate installed and it was created 2023-08-07.

My first thought was that maybe my auto-renewal messed something up. So I disabled it and waited until the next day(today) and tried again, but was still rate limited.

What could cause this rate limit?

there are a dozen of certificates issued every 2 days: what happened to them?


I don't know. I've been using crontab running:

20 00 * * 7 /usr/bin/certbot renew --quiet

and never had any issues. This is the first time this specific certificate had required a renewal.

Trying to look through the logs:

2023-10-08 10:51:14,363:ERROR:certbot._internal.renewal:Failed to renew certificate mail.hallinet.se with error: [Errno 17] File exists: '/etc/letsencrypt/archive/mail.hallinet.se/privkey2.pem'
2023-10-08 10:51:14,368:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 475, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1386, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 341, in renew_cert
    lineage.save_successor(prior_version, new_cert, new_key.pem, new_chain, config)
  File "/usr/lib/python3/dist-packages/certbot/_internal/storage.py", line 1139, in save_successor
    with util.safe_open(target["privkey"], "wb", chmod=BASE_PRIVKEY_MODE) as f:
  File "/usr/lib/python3/dist-packages/certbot/util.py", line 224, in safe_open
    fd = filesystem.open(path, os.O_CREAT | os.O_EXCL | os.O_RDWR, *open_args)
  File "/usr/lib/python3/dist-packages/certbot/compat/filesystem.py", line 208, in open
    return os.open(file_path, flags, mode)
FileExistsError: [Errno 17] File exists: '/etc/letsencrypt/archive/mail.hallinet.se/privkey2.pem'

After that it seems that the script kept running, requesting certificates at random times during the day. But no certificate files were stored anywhere.

Now I have removed the line in crontab and deleted the certificate. That should stop the requests unless someone else is somehow requesting certificates for my domain.

The weird thing is that I removed the crontab line yesterday and was still rate limited today.

Looks like it's failing to write the new private key file, so the failure counts as a failed attempt overall. It might be caused by running certbot from different accounts? Might want to check all the required accounts have write permissions for the symlinks and files.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.