Renew error (too many certificates issued in the last 168 hours)

Hello, I tried to renew my certificate today.

:small_blue_diamond: First, I tried running certbot renew --cert-name love.adm.ncu.edu.tw --dry-run, and it succeed.

Congratulations, all simulated renewals succeeded:
 C:\Certbot\live\love.adm.ncu.edu.tw\fullchain.pem (success)

:small_blue_diamond: But when I removed dry-run option and ran certbot renew --cert-name love.adm.ncu.edu.tw, it showed this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing C:\Certbot\renewal\love.adm.ncu.edu.tw.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for love.adm.ncu.edu.tw
Failed to renew certificate love.adm.ncu.edu.tw with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: love.adm.ncu.edu.tw, retry after 2022-11-09T11:21:25Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  C:\Certbot\live\love.adm.ncu.edu.tw\fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

I think of a reason that may be the cause.
:small_orange_diamond: Three months ago, I also had trouble renewing certificates and I somehow decided to create two new certificates for the same domain, which created two new folders in C:\Certbot\live called love.adm.ncu.edu.tw-0001 and love.adm.ncu.edu.tw-0002. I deleted those folders (they're still in the recycle bin I think), so whenever I run certbot certificates it shows this:

Renewal configuration file C:\Certbot\renewal\love.adm.ncu.edu.tw-0001.conf produced an unexpected error: expected C:\Certbot\live\love.adm.ncu.edu.tw-0001\cert.pem to be a symlink. Skipping.
Renewal configuration file C:\Certbot\renewal\love.adm.ncu.edu.tw-0002.conf produced an unexpected error: expected C:\Certbot\live\love.adm.ncu.edu.tw-0002\cert.pem to be a symlink. Skipping.

I have no idea how to undo those changes though (I tried to take out the files from the recycle bin, but it didn't work), and I think these two certificates are messing up my certificate renewals.
:small_orange_diamond: I tried looking up my domain name for certificates issued in the past month, but nothing comes up. https://tools.letsdebug.net/cert-search?m=domain&q=love.adm.ncu.edu.tw&d=744

Sorry for the trouble, thank you everyone for the help.


My domain is: love.adm.ncu.edu.tw

My web server is (include version): Apache 5.6.38

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): XAMPP v3.2.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.24.0

That's unfortunate. It's because there are so many certificates for ncu.edu.tw so the results get cut off. crt.sh | love.adm.ncu.edu.tw will show you what you want.

:(.

Maybe just delete C:\Certbot\renewal\love.adm.ncu.edu.tw-0001.conf and C:\Certbot\renewal\love.adm.ncu.edu.tw-0002.conf and Certbot will stop trying to renew them.

Once you've done that and you run:

certbot certificates

What shows up?

3 Likes

Hello, thank you so much for the reply!
After deleting those two .conf files, the two invalid errors don't show up anymore.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: love.adm.ncu.edu.tw
    Serial Number: 4714cd8d958ef40a368db76cc6ebb8d2d0c
    Key Type: RSA
    Domains: love.adm.ncu.edu.tw
    Expiry Date: 2022-10-31 05:38:57+00:00 (INVALID: EXPIRED)
    Certificate Path: C:\Certbot\live\love.adm.ncu.edu.tw\fullchain.pem
    Private Key Path: C:\Certbot\live\love.adm.ncu.edu.tw\privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Since it showed retry after 2022-11-09T11:21:25Z before, should I try to run certbot renew --cert-name love.adm.ncu.edu.tw after this time point?

1 Like

I suspect that it's going to renew and not properly save the certificate.

Based on crt.sh, this problem began at the start of October and Certbot has been renewing (or trying to renew) the certificate every day since then.

This can happen if somebody moved around or modified some of the files inside the C:\Certbot directory in an unexpected way.

What I would probably do is wait until that date, then fully delete C:\Certbot and get a new certificate from scratch; fresh start.

You will want to probably disable the renewal task in Task Scheduler until then as well:

3 Likes

Okay, I will try to do that. Thank you for the suggestion!

1 Like

Everything worked correctly! I deleted C:\Certbot and reinstalled it, got a new certificate from scratch
Thank you so much! Hope this post can help others who need it

1 Like