Hi guys,
I got this error “Error creating new cert :: too many certificates already issued for exact set of domains”.
Now, this is the only cert I have for this domain; it was created one month ago so its the first renewal.
I have other certs on the same server and they have been renewed without problems.
The renewal request is performed with the command /usr/bin/certbot renew (every day) that I guess should renew only the certs near to the expiration.
What can I try to see to understand where is the problem?
Thsnks!
S*

What is the domain, if you’re comfortable with sharing it? That would be the quickest way to get answers.

sure, www.premioitalia.org

You’ve got a lot of certs issued: https://crt.sh/?q=%premioitalia.org

What is your renewal command? And what is the contents of the renewal file?

Oh, I see… so there’s something wrong somewhere

This is the renewal file; the command is /usr/bin/certbot renew

renew_before_expiry = 30 days

cert = /usr/local/etc/letsencrypt/live/www.premioitalia.org/cert.pem
privkey = /usr/local/etc/letsencrypt/live/www.premioitalia.org/privkey.pem
chain = /usr/local/etc/letsencrypt/live/www.premioitalia.org/chain.pem
fullchain = /usr/local/etc/letsencrypt/live/www.premioitalia.org/fullchain.pem
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/www.premioitalia.org

Options used in the renewal process

[renewalparams]
authenticator = webroot
installer = None
account = 9a87b4efb986c306f689905fe00e5f3a
[[webroot_map]]
www.premioitalia.org = /var/www/ospiti/premioitalia.org/www./public

In the “archive” dir I see two sets os cert, cert1 and cert2; cert2 is dated june, the other may, but in “live” the cert linked is cert1. I think the problem is here. I don’t know exactly where these links are made. Do you think I can change them manually or have to do something else?

Could you post:

ls -lR /etc/letsencrypt/archive

ls -lR /etc/letsencrypt/live

cat /etc/letsencrypt/cli.ini

Sure, here we go.
One thing: I have changed server about a month ago (this is why most of the files are dated May 16th), from FreeBSD to Debian.

root@homer # ls -lR /etc/letsencrypt/archive
/etc/letsencrypt/archive:
total 20
drwxr-xr-x 2 root root 4096 May 16 13:54 control.delosdigital.it
drwxr-xr-x 2 root root 4096 May 16 13:54 static.delosnetwork.it
drwxr-xr-x 2 root root 4096 May 16 13:54 tabloid.sswa.it
drwxr-xr-x 2 root root 4096 May 16 13:54 www.delosbooks.it
drwxr-xr-x 2 root root 4096 May 16 13:55 www.premioitalia.org

/etc/letsencrypt/archive/control.delosdigital.it:
total 112
-rw-r–r-- 1 root root 1935 May 16 13:54 cert1.pem
-rw-r–r-- 1 root root 1935 May 16 13:54 cert2.pem
-rw-r–r-- 1 root root 1976 May 16 13:54 cert3.pem
-rw-r–r-- 1 root root 1976 May 16 13:54 cert4.pem
-rw-r–r-- 1 root root 1976 May 16 13:54 cert5.pem
-rw-r–r-- 1 root root 1976 May 16 13:54 cert6.pem
-rw-r–r-- 1 root root 1976 May 16 13:54 cert7.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain1.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain2.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain3.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain4.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain5.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain6.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain7.pem
-rw-r–r-- 1 root root 3582 May 16 13:54 fullchain1.pem
-rw-r–r-- 1 root root 3582 May 16 13:54 fullchain2.pem
-rw-r–r-- 1 root root 3623 May 16 13:54 fullchain3.pem
-rw-r–r-- 1 root root 3623 May 16 13:54 fullchain4.pem
-rw-r–r-- 1 root root 3623 May 16 13:54 fullchain5.pem
-rw-r–r-- 1 root root 3623 May 16 13:54 fullchain6.pem
-rw-r–r-- 1 root root 3623 May 16 13:54 fullchain7.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey1.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey2.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey3.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey4.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey5.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey6.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey7.pem

/etc/letsencrypt/archive/static.delosnetwork.it:
total 112
-rw-r–r-- 1 root root 2427 May 16 13:54 cert1.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert2.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert3.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert4.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert5.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert6.pem
-rw-r–r-- 1 root root 2427 May 16 13:54 cert7.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain1.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain2.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain3.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain4.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain5.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain6.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain7.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain1.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain2.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain3.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain4.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain5.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain6.pem
-rw-r–r-- 1 root root 4074 May 16 13:54 fullchain7.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey1.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey2.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey3.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey4.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey5.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey6.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey7.pem

/etc/letsencrypt/archive/tabloid.sswa.it:
total 112
-rw-r–r-- 1 root root 1809 May 16 13:54 cert1.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert2.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert3.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert4.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert5.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert6.pem
-rw-r–r-- 1 root root 1809 May 16 13:54 cert7.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain1.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain2.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain3.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain4.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain5.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain6.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain7.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain1.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain2.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain3.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain4.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain5.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain6.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain7.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey1.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey2.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey3.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey4.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey5.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey6.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey7.pem

/etc/letsencrypt/archive/www.delosbooks.it:
total 112
-rw-r–r-- 1 root root 1891 May 16 13:54 cert1.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert2.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert3.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert4.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert5.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert6.pem
-rw-r–r-- 1 root root 1891 May 16 13:54 cert7.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain1.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain2.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain3.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain4.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain5.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain6.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain7.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain1.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain2.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain3.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain4.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain5.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain6.pem
-rw-r–r-- 1 root root 3538 May 16 13:54 fullchain7.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey1.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey2.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey3.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey4.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey5.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey6.pem
-rw-r–r-- 1 root root 1704 May 16 13:54 privkey7.pem

/etc/letsencrypt/archive/www.premioitalia.org:
total 32
-rw-r–r-- 1 root root 1809 May 16 13:54 cert1.pem
-rw-r–r-- 1 root root 1809 Jun 14 12:29 cert2.pem
-rw-r–r-- 1 root root 1647 May 16 13:54 chain1.pem
-rw-r–r-- 1 root root 1647 Jun 14 12:29 chain2.pem
-rw-r–r-- 1 root root 3456 May 16 13:54 fullchain1.pem
-rw-r–r-- 1 root root 3456 Jun 14 12:29 fullchain2.pem
-rw-r–r-- 1 root root 1708 May 16 13:54 privkey1.pem
-rw-r–r-- 1 root root 1704 Jun 14 12:29 privkey2.pem

root@homer # ls -lR /etc/letsencrypt/live
/etc/letsencrypt/live:
total 20
drwxr-xr-x 2 root root 4096 May 16 13:54 control.delosdigital.it
drwxr-xr-x 2 root root 4096 May 16 13:54 static.delosnetwork.it
drwxr-xr-x 2 root root 4096 May 16 13:54 tabloid.sswa.it
drwxr-xr-x 2 root root 4096 May 16 13:54 www.delosbooks.it
drwxr-xr-x 2 root root 4096 May 16 13:54 www.premioitalia.org

/etc/letsencrypt/live/control.delosdigital.it:
total 0
lrwxrwxrwx 1 root root 47 May 16 13:54 cert.pem -> …/…/archive/control.delosdigital.it/cert7.pem
lrwxrwxrwx 1 root root 48 May 16 13:54 chain.pem -> …/…/archive/control.delosdigital.it/chain7.pem
lrwxrwxrwx 1 root root 52 May 16 13:54 fullchain.pem -> …/…/archive/control.delosdigital.it/fullchain7.pem
lrwxrwxrwx 1 root root 50 May 16 13:54 privkey.pem -> …/…/archive/control.delosdigital.it/privkey7.pem

/etc/letsencrypt/live/static.delosnetwork.it:
total 0
lrwxrwxrwx 1 root root 46 May 16 13:54 cert.pem -> …/…/archive/static.delosnetwork.it/cert7.pem
lrwxrwxrwx 1 root root 47 May 16 13:54 chain.pem -> …/…/archive/static.delosnetwork.it/chain7.pem
lrwxrwxrwx 1 root root 51 May 16 13:54 fullchain.pem -> …/…/archive/static.delosnetwork.it/fullchain7.pem
lrwxrwxrwx 1 root root 49 May 16 13:54 privkey.pem -> …/…/archive/static.delosnetwork.it/privkey7.pem

/etc/letsencrypt/live/tabloid.sswa.it:
total 0
lrwxrwxrwx 1 root root 39 May 16 13:54 cert.pem -> …/…/archive/tabloid.sswa.it/cert7.pem
lrwxrwxrwx 1 root root 40 May 16 13:54 chain.pem -> …/…/archive/tabloid.sswa.it/chain7.pem
lrwxrwxrwx 1 root root 44 May 16 13:54 fullchain.pem -> …/…/archive/tabloid.sswa.it/fullchain7.pem
lrwxrwxrwx 1 root root 42 May 16 13:54 privkey.pem -> …/…/archive/tabloid.sswa.it/privkey7.pem

/etc/letsencrypt/live/www.delosbooks.it:
total 0
lrwxrwxrwx 1 root root 41 May 16 13:54 cert.pem -> …/…/archive/www.delosbooks.it/cert7.pem
lrwxrwxrwx 1 root root 42 May 16 13:54 chain.pem -> …/…/archive/www.delosbooks.it/chain7.pem
lrwxrwxrwx 1 root root 46 May 16 13:54 fullchain.pem -> …/…/archive/www.delosbooks.it/fullchain7.pem
lrwxrwxrwx 1 root root 44 May 16 13:54 privkey.pem -> …/…/archive/www.delosbooks.it/privkey7.pem

/etc/letsencrypt/live/www.premioitalia.org:
total 0
lrwxrwxrwx 1 root root 44 May 16 13:54 cert.pem -> …/…/archive/www.premioitalia.org/cert1.pem
lrwxrwxrwx 1 root root 45 May 16 13:54 chain.pem -> …/…/archive/www.premioitalia.org/chain1.pem
lrwxrwxrwx 1 root root 49 May 16 13:54 fullchain.pem -> …/…/archive/www.premioitalia.org/fullchain1.pem
lrwxrwxrwx 1 root root 47 May 16 13:54 privkey.pem -> …/…/archive/www.premioitalia.org/privkey1.pem

root@homer # cat /etc/letsencrypt/cli.ini
cat: /etc/letsencrypt/cli.ini: No such file or directory

Wait a minute. /etc/letsencrypt/renewal/www.premioitalia.org.conf you posted earlier contains /usr/local/etc/letsencrypt/live/. Your stuff is located in /etc/letsencrypt/live/ (as expected on Linux).

At a guess, every day, Certbot sees that the files in /etc/letsencrypt/live/ are old, issues a new certificate, saves it in /etc/letsencrypt/archive/, tries to update symlinks in /usr/local/etc/letsencrypt/live/ (succeeding or failing, i don’t know)… But since /etc/letsencrypt/live/ is never updated, it keeps doing the same thing every day, never knowing that the certificate has been renewed.

I think you need to run a quick sed or text editor find-and-replace over it, and all of your other /etc/letsencrypt/renewal/ .conf files to adjust the paths. Then it will hopefully work right.

After that, you could either wait for it to renew again tomorrow (or whenever the rate limits allow it to), or you can run certbot update_symlinks to fix the symlinks. You may have to delete the out-of-date symlinks first; i’m not sure how it works.

Edit: Typo.

Oh, gosh. I have looked at that file for hours and I didn’t saw that.
My apologies, and thanks a lot for your patience and your good eye!
I will post again to let you know, but you certainly nailed it.
S*

Solved, thanks a lot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.