Reach rate-limits

I have nginx problems while move domain lp.школатрейдера.рф to other server and delete all recently received certs. And reach rate-limits ((. I still need the letsencrypt certificate. How can I speed up the window to get cert?


Hi @kons,

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Can you additionally share the exact rate limit error message you’re receiving? If its the failed validations rate limit that you’re hitting it will automatically clear itself after 1 hour. You could also use the staging environment to debug your problem in the meantime.

1 Like

Ou, thanks for replying.

My domain is: lp.школатрейдера.рф - it`s in punycode

I ran this command:./certbot-auto certonly --webroot --agree-tos --email -w /var/www/domain/data/www/lpacademy -d lp.школатрейдера.рф -d www.lp.школатрейдера.рф
It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: lp.школатрейдера.рф,www.lp.школатрейдера.рф: see
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):nginx /1.12.2

The operating system my web server runs on is (include version):debian 3.16.7

My hosting provider, if applicable, is:

I can login to a root shell on my machine - yes

I’m using a control panel to manage my site - no

certbot 0.31.0

Error finalizing order: There were too many request of given type: too many request already issued for exact set of domain lp.школатрейдера.рф www.lp.школатрейдера.рф

1 Like

Hi @Kons,

there is a certificate, created today (школатрейдера.рф ):

expires in 90 days	lp.школатрейдера.рф (lp.xn--80aaldbwei0awes7e.xn--p1ai), 
www.lp.школатрейдера.рф (www.lp.xn--80aaldbwei0awes7e.xn--p1ai) - 2 entries

So use this certificate 60 - 85 days.

If you need the same certificate with another server, copy the private and the public key.

You have created 5 identical certificates today, one is used.;include_subdomains:false;domain:lp.xn--80aaldbwei0awes7e.xn--p1ai&lu=cert_search_cert


Yes, I just need the same keys, because I (crooked hands) physically deleted keys them from letsencrypt/live/ directory after nginx accepted them. It turns out that this certificate will work until nginx is restarted. That is, I need fullchain.pem and privkey.pem again

The rate limit is fixed.

So you have two options.

  • Don't restart your server in the next 7 days
  • create certificates with different sets of domain names

Your current certificate has two domain names


There you have hitted the limit -> next certificate in 7 days.

But you can create one certificate with


as domain name, one certificate with


So you need two different vHosts to use these certificates.

But: One certificate, not more then 4. Because there is already one certificate with


Thanks, i shall do so.

How much did you delete? There are two copies of the keys saved in /etc/letsencrypt/archive/ and /etc/letsencrypt/keys/. If you only deleted /etc/letsencrypt/live/, you can fix it.


Also in Linux you can usually access copies of files that processes have open by looking in /proc/[pid]/fd, even if the files have been unlinked from the filesystem.

$ echo hello > file
$ cat > <<foo
> #!/usr/bin/env python
> import os
> print(os.getpid())
> f = open("file")
> import time
> time.sleep(10)
> foo
$ python &
[1] 24071
$ rm file
$ cat file
cat: file: No such file or directory
$ cat /proc/24071/fd/3 
$ sleep 10
[1]+  Done                    python
$ cat file
cat: file: No such file or directory

This might not be necessary in this case because the much simpler approach suggested by @mnordhoff may suffice.

1 Like

@joohoi pointed out that nginx might not actually keep the certificate and key files open while running, since it could read them once at startup and then close them. I confirmed that this is true in practice, so my advice above won’t actually work for this application! (It could work in some other situations where you need to recover a file’s contents, but not this one.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.