Sslforfree urn:acme:error:rateLimited

Hi,

yesterday I tried to renew (and create) certificates on a Ubuntu VM via the command line letsencrypt tool. While the tool reported that the certificate was renewed/created successfully, successive restarting the nginx webserver always failed (with certificate errors). Unfortunately I repeated the process several times, following multiple tutorials, with no success.

Today, I was made aware of our old admin, that he also experienced issues when trying the command line tools directly and told me that I have to do it the way he did, i.e. use sslforfree to successfully recreate/renew the certificate. I followed the instructions given by the site (manual verification via the upload of a file). Following the instructions, I now got following error (rateLimit exceeded):

Certificate signature failed. If you supplied your own CSR make sure the domains on it match what you put on SSLForFree. If there is a rate limiting error at the end of this paragraph certificates per Domain is currently 5 per 7 days. Try asking Lets Encrypt to increase the limit or wait 7 days. Rate limits should increase in the near future. { “type”: “urn:acme:error:rateLimited”, “detail”: “Error creating new cert :: too many certificates already issued for exact set of domains: daimler-c03.vrcm.rocket-di.com”, “status”: 429 }

Since the results suggests to ask LetsEncrypt to increase the limit, I would like to ask if it is possible to reset/increase the limit within a short period of time. Or do I have to wait for the timespan of 7 days before I can try to renew the certificate again.

Also I read on this site that the limit has been increased to 20, so is our domain configuration out of date?
I would be really glad I you could help us out on short notice. Otherwise I will wait for a week and try again.

My apologies for the inconvenience & many thanks in advance for any help.
Best

You've triggered the Duplicate Certificate rate limit, which is 5 per week. (Actually, due to a minor issue, it's currently 6.)

You haven't rriggered the Certificates per Registered Domain limit, which is 20 per week.

By my count, there are about 18, so you're getting very close, and won't have many more chances before the 16th.

You ought to be able to issue a certificate for daimler-c03.vrcm.rocket-di.com plus another name. For example, "daimler-c03.vrcm.rocket-di.com, daimler-c04.vrcm.rocket-di.com" or "daimler-c03.vrcm.rocket-di.com, www.example.net". Just find or create some other (sub)domain you can validate, and use it. That will bypass the Duplicate Certificate limit, since it's not a duplicate, while still counting towards the Certificates per Registered Domain limit for every domain involved.

Rate limit increase requests take more than 7 days to process, and wouldn't be approved for this reason.

Edited to add:

In future, you can use the staging environment to create test certificates while working things out. If you're using the Certbot client, use "letsencrypt --staging" or "certbot --staging".

And if you can post more information about the Nginx issue, we may be able to help with it.

Thanks for the fast reply!

Since my colleagues might increase the Certificates per Registered Domain within the next days, I don’t want to unneccesarily increase the count. Thus, I will just wait for a week before i try again.

Again, thanks for the help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.