Reset or delete my certificates from the system

Mikeee · July 24, 2018, 6:35pm

Hi! I am new here. I have one server with Windows Server 2008 and IIS 6.

I have tested the certification system. I used “Certify the web” client application.

When i modified the iis settings and testing the certification, i reached the free 5 certification limit.

I found the right settings in my server, so i want reset the certifications.

My url: kossuth.saujhely.sulinet.hu

Can i delete or reset all certicifications in lets encrypt system and set one right certification again?

What can i do?

And in windows server 2008, where can i delete the certifications? Currently i have 2 certfications in system, but because i am reached the limit, none of them work.

Thanks for help, Mike.

schoen · July 24, 2018, 6:41pm

Hi @Mikeee,

Deleting or revoking certificates does not affect the rate limits in any way. There’s no way to reset it.

The rate limit that you hit is the Duplicate Certificate limit.

So, if you request a certificate that covers an additional name, you can issue it without waiting a week.

rg305 · July 24, 2018, 6:43pm

Please note IIS 6 does not support SNI.
If you are going to serve multiple sites from a single IP, you will need to first update the IIS to support SNI (version 8 or greater).

tdelmas · July 24, 2018, 8:04pm

Or have one certificate valid for all the websites.

rg305 · July 24, 2018, 8:13pm

They may “solve” the cert problem.
But unless all the sites will serve the exact same content, you will need SNI - and IIS 6 can’t do that.

tdelmas · July 24, 2018, 8:17pm

@rg305 Are you sure? (I’m not an IIS expert)
but usually, when a webserver doesn’t support SNI, having one certificate valid for all domains solve the problem, as the server will look for the Host header, which will be correct. Just like if the website were accessed using plain http. Or I am missing something?

schoen · July 24, 2018, 9:09pm

@tdelmas is right about this. Web servers are able to switch on the HTTP Host header, just like they would with HTTP virtual hosting in the absence of HTTPS.

rg305 · July 24, 2018, 9:33pm

My recollection may be a bit fuzzy.
It has been quite some time since I’ve used IIS without SNI.
I guess the true test is to test it with one SAN cert.
Bind all sites with the same cert and cross your fingers - lol

rg305 · July 24, 2018, 9:42pm

In case all else fails, I would consider adding an additional proxy to the Windows Server and use that for SNI. Allowing it to connect to the IIS sites via unique internal IPs.

NGINX and Apache (both for Windows) can do the job easily.

Mikeee · July 25, 2018, 5:51am

Hi. I can delete the certificates from my server but i have this error message:

The Let’s Encrypt service did not issue a valid certificate in the time allowed. Failed to get new certificate from LetsEncrypt :: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
“type”: “urn:acme:error:rateLimited”,
“detail”: “Error creating new cert :: too many certificates already issued for exact set of domains: kossuth-saujhely.sulinet.hu: see https://letsencrypt.org/docs/rate-limits/”,
“status”: 429
}

What can i do?

ps: i have iis 7 with srv 2008

JuergenAuer · July 25, 2018, 8:43am

Hi @Mikeee

you have created 6 active certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:kossuth-saujhely.sulinet.hu&lu=cert_search

Five yesterday, one today. So you are hitting the certificates-per-domain - limit. Wait one week. And if you need certificates, don't delete active certificates.

You should use the test system, not the productive system.

system · August 24, 2018, 8:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.