[Solved] Can't generate cert. Too many requests. Old certs gone due to server update


#1

Hello,
my Ubuntu 16.04.01 LTS server stopped working a few hours ago after updating it from 14.04 LTS. After installing the OS again and setting up my websites (that I had backed up) I went to renew my almost expired certificates. For some reason letsencrypt-auto put the new certificate in a seperate directory “/etc/letsencrypt/archive/carlgo11-[001,002…]/” and so it kept thinking the certificate was about to expire. I have no idea why it put them in a new directory and why it didn’t change the links in /etc/letsencrypt/live/carlgo11/ to the corresponding folders.

When noticed what happened I went to create a new one instead of using the “renew” param. When I did that it complained about the [archive/live]/carlgo11.com directories already existing and so I deleted them.

Then when that was done this error popped up:

There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for exact set of domains: carlgo11.com,www.carlgo11.com

So now I’m without any certificate for my website and it looks like I’m unable to generate a new one for 7 days. :sweat:

Would any administrators of Let’s Encrypt be able to reset my limit so that I can create a certificate and get my website up and running again?

As it is now my web-server is pretty much useless as Nginx crashes due to no certificates. :cry:

TL;DR It’s not my day today… Certificate gone and website is down.

//@Carlgo11

My domain is:
carlgo11.com www.carlgo11.com

My operating system is (include version):
Ubuntu 16.04.1

My web server is (include version):
Nginx 1.10.0 (Ubuntu)

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

The -00X directories get created when you request a certificate that contains domains you’ve previously requested certificates for, plus additional domains. In order words, if you first request a certificate for example.com, and change that to example.com + www.example.com, you end up with a -001 directory. To avoid this behaviour, use the --expand flag, which instructs the client to always overwrite a matching existing certificate instead.

As for the rate limiting problem, unfortunately there’s no way to manually delete or reset those.

There might be a workaround you could try. Let’s Encrypt has separate rate limits for certificates that contain the exact same set of (sub)domains vs. certificates that just contain the same “base” domain. The former rate limit is 5 per week, while the latter is 20 per week. What you could do is add another subdomain just for the purpose of bypassing that first limit (i.e. something like www1.carlgo11.com). That should allow you to get a certificate for now.


#3

Man you’re a life safer!
Thank you for the workaround tip :smile:


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.