Reached rate limit, when uncloked?

Hi! I reached the rate limit, i didn’t understood how many certificates i can authenticate and after how much days i can do more.

https://crt.sh/?q=%creativabcn.com

Here i have 15 certificates on 12 may on the same domain, cause ISPConfig have a bug and doesn’t write or delete new and old certificates when you do that on his interface.
When i try to activate Let’s encrypt for verification i receive a debug mail where the problem is only creativabcn.com and none of the aliases.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: creativabcn.com (aliases: creativabcn.es, creativabcn,cat, creativabarcelona.com)

I ran this command:
2019-05-13 14:31:04,140:DEBUG:certbot.main:Arguments: [’-n’, ‘–text’, ‘–agree-tos’, ‘–expand’, ‘–authenticator’, ‘webroot’, ‘–server’, ‘https://acme-v02.api.letsencrypt.org/directory’, ‘–rsa-key-size’, ‘4096’, ‘–email’, ‘postmaster@creativabcn.com’, ‘–domains’, ‘creativabcn.com’, ‘–domains’, ‘www.creativabcn.com’, ‘–domains’, ‘creativabcn.es’, ‘–domains’, ‘www.creativabcn.es’, ‘–domains’, ‘creativabcn.cat’, ‘–domains’, ‘www.creativabcn.cat’, ‘–domains’, ‘creativabarcelona.com’, ‘–domains’, ‘www.creativabarcelona.com’, ‘–webroot-path’, ‘/usr/local/ispconfig/interface/acme’]

It produced this output:
Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: creativabarcelona.com,creativabcn.cat,creativabcn.com,creativabcn.es,www.creativabarcelona.com,www.creativabcn.cat,www.creativabcn.com,www.creativabcn.es: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Debian 9.7

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig 3.1.13p1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot version: 0.32.0

It looks like you have one more to go: https://tools.letsdebug.net/cert-search?m=domain&q=creativabcn.com&d=168

But I’m also having rate limit issues while it looks like I’ve also got one more to go.

2 Likes

Hi @creativabcn

checking your domain that looks bad ( https://check-your-website.server-daten.de/?q=creativabcn.com#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
908191575 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 21:36:09 2019-08-10 21:36:09 creativabarcelona.com, creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabarcelona.com, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
8 entries duplicate nr. 5 next Letsencrypt certificate: 2019-05-19 17:53:10
908187365 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 21:33:11 2019-08-10 21:33:11 creativabarcelona.com, creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabarcelona.com, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
8 entries duplicate nr. 4
908178833 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 21:26:07 2019-08-10 21:26:07 creativabarcelona.com, creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabarcelona.com, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
8 entries duplicate nr. 3
908175864 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 21:24:08 2019-08-10 21:24:08 creativabarcelona.com, creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabarcelona.com, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
8 entries duplicate nr. 2
907939262 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 17:53:10 2019-08-10 17:53:10 creativabarcelona.com, creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabarcelona.com, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
8 entries duplicate nr. 1
907599995 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 12:54:07 2019-08-10 12:54:07 creativabcn.com, creativabcn.es, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
5 entries duplicate nr. 1
907570856 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 12:24:09 2019-08-10 12:24:09 creativabcn.cat, creativabcn.com, creativabcn.es, www.creativabcn.cat, www.creativabcn.com, www.creativabcn.es
6 entries duplicate nr. 1
907528590 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 11:43:07 2019-08-10 11:43:07 creativabcn.com, www.creativabcn.com
2 entries duplicate nr. 1
907485647 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-12 11:13:06 2019-08-10 11:13:06 panel.creativabcn.com
1 entries duplicate nr. 1

Five identical certificates with the same set of domain names.

next Letsencrypt certificate: 2019-05-19 17:53:10

And you don’t use one of these, instead you use

CN=airplane.creativabcn.com
	29.03.2019
	27.06.2019
expires in 45 days	airplane.creativabcn.com - 1 entry  

That’s terrible. But then you should ask your hoster to find a solution. Creating new certificates can’t help.

Maybe wrong, that domain is the first domain, so the complete certificate creation doesn’t work. Or can you find the certificate on your server?

4 Likes

It’s not Digital ocean realted, they sell clean VPS with high performances and good connectivity. The Debian setup it’s by myself and the issue is ISPConfig related, that is an Open Source and free hosting panel :smiley:

Anyway thanks for help, i’ve added to my bookmarks the website because it’s very useful. Now i’m managing certificate stuffs by SSH, or every that i do something on the panel i’m watching that is reflected on the machine.

I’ll try to authenticate the last new certificate on 19 may. Bye!

No that’s right. I can’t find noting in /archive and /live folder too. No certificate.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.