Server crashed - how to "fix" new server?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: beta.macmagic.co.za

I ran this command: certbot --apache -d beta.macmagic.co.za

It produced this output:
An unexpected error occurred:

There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: beta.macmagic.co.za: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

Hi all,

I had UniFi controller running in AWS. The server was corrupted and I accidentally terminated it before realizing that I should have backed up my certs!

So, I setup a new server, and now am attempting to get the certificates to this new machine. What is the best way of doing this? Is there a command to simply redownload existing certs? or revoke active ones and re-issue?

Thanks!

1 Like

You can technically download existing certificates, but you won’t be able to download the private keys associated with those certificates. Those were permanently lost when your server was corrupted. So forget about those certificates.

There’s no need to revoke existing certificates unless you believe that the private keys associated with them fell into the wrong hands. Since this hasn’t happened, revocation is not necessary.

Just issue new certificates, the same way you did originally.

Keep in mind you need to stay within the rate limits of Let’s Encrypt, but re-issuing a couple of duplicate certificates one time is going to be totally fine.

Edit:

Oops, I didn’t notice that you did indeed hit the rate limits. This error shows that you re-issued that certificate 5 times in a single week.

Revoking active certificates doesn’t remove rate limits. You need to wait it out (1 week).

The other thing you can do is create a certificate that contains two domain names, which will evade the rate limit. For example, create a dummy subdomain, point it to your server, and include it on the certificate:

certbot --apache -d beta.macmagic.co.za -d dummy.macmagic.co.za
1 Like

Thanks - Im not in a rush so I can wait a week !

1 Like