Revoked a cert but not allowed to recreate due to rateLimit

I first set up different certs for each of my domains, then realised I could do one cert for all. But when I did that and selected to replace & renew a current domain I couldn’t find where the new multi-domain cert was (all those in /etc/letsencrypt/live were symlinks to archive).

Then to make matters worse, when I tried to run again with --cert-path to try and put the new multi-domain cert somewhere else I got hit with the “Too many certificates already issued for domain”! I tried revoking the domain in question, but still get the error!

So what now? Do I have to wait for 59 days before I can try and get it to work again?!

No, up to 7 days, see Public beta rate limits


Thanks for the quick response, 7 days isn’t too bad. But do you have any idea about the other problem of there seeming to be no multi-domain cert created anywhere? It asked if I wanted to replace an existing cert with the new multi-domain one, then said it had been created in the location where the old single domain cert had been (in letsencrypt/live/domain) but in there was just a symlink to the archived single domain cert?

When I’m allowed to run the command again (certonly --webroot), would adding --cert-path ensure the new multi-domain cert is somewhere predictable instead of non-existent or over the top of one of the single domains?

Your multi-domain cert will be in the folder named with the first -d supplied flag.

For example, let’s say you requested your cert with the following command:

letsencrypt certonly --webroot --webroot-path /var/www/html -d -d -d -d -d -d

You will find your certificate, private-key in the folder /etc/letsencrypt/archives/ and the files in /etc/letsencrypt/live/ will point to the latest certificate issued.


I think it must work slightly differently than that because it was the 7th domain’s dir that it said it would be putting it in. But the first 6 domains were all new certs, the 7th was the first one that had an existing LE cert installed, and was the one the query about replacing/renewing was about.

Well, in that case it will put the 7th domain in the 1st domain folder.

You will normally find these files: cert1.pem cert2.pem chain1.pem chain2.pem fullchain1.pem fullchain2.pem privkey1.pem privkey2.pem

I already encountered your case, but for me it was to expand one certificate (initially with two domains) to more domains.

Ah yes I see now that when I do ls -al /etc/letsencrypt/live/*/ it shows that all of them are symlinks to …archive…/cert1.pem except for the seventh domain’s dir which links to cert2.pem and cert2.pem is much bigger than all the cert1.pem files so it looks like it created a new cert there with all the domains in the 7th domain’s dir.
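
The check described in the last post, written out as an added example that is not part of the original thread: it follows each live/ symlink to see which archived certN.pem it points at, and lists the names inside a certificate so the multi-domain one can be confirmed by content rather than by file size. The function names lineage_report and list_sans are hypothetical, and list_sans assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the live/ + archive/ symlink
# layout described in the posts above.

# lineage_report [LIVE_ROOT]
# One line per lineage: "<lineage> <archived file> <version> <size in bytes>"
lineage_report() {
    live_root=${1:-/etc/letsencrypt/live}
    for dir in "$live_root"/*/; do
        link="${dir}cert.pem"
        # Skip anything that is not a resolvable symlink (README, stale links).
        if [ ! -L "$link" ] || [ ! -e "$link" ]; then
            continue
        fi
        target=$(readlink "$link")            # e.g. ../../archive/<name>/cert2.pem
        file=${target##*/}                    # cert2.pem
        version=${file#cert}
        version=${version%.pem}               # 2
        size=$(wc -c < "$link" | tr -d ' ')   # size of the file the link resolves to
        name=${dir%/}
        name=${name##*/}
        printf '%s %s %s %s\n' "$name" "$file" "$version" "$size"
    done
}

# list_sans CERT_FILE
# Prints every DNS name in the certificate's Subject Alternative Name, one per line.
list_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tail -n 1 |
        tr ',' '\n' |
        sed -n 's/^ *DNS://p'
}

# Usage (as root, since live/ and archive/ are not world-readable):
#   lineage_report
#   list_sans /etc/letsencrypt/live/<lineage>/cert.pem
```

A lineage whose version is higher than 1 has been renewed or replaced at least once; list_sans on its cert.pem shows whether it is the certificate that now covers all the domains.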