There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ezhubb

I ran this command:
/usr/bin/certbot certonly --force-renew --webroot --webroot-path /rorapps/ezhubb/production/ezhubb_com/current/public/ --email tomabroad@gmail.com --text --agree-tos -d ezhubb.com -d www.ezhubb.com --expand --renew-hook “service nginx reload”

It produced this output:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: ezhubb.com,www.ezhubb.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
debina

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


#2

hi, i have the same setup for a total of 4 domains. each with www.
but for some reason that one above failed on the last day. certbot failed as per logs. not sure why. log file fom 5/20 gone.

how long do i have to wait now?


#3

You have reach the rate limit:

We also have a Duplicate Certificate limit of 5 certificates per week

https://crt.sh/?q=ezhubb.com

You will be able to generate a certificate after the Mai, 27.

You reach that rate limit because you already have generate that certificate 5 times, so if you still have the private key and the certificate, you shouldn’t need to generate a new one.

If you only have the private key, you can download the corresponding certificate using https://crt.sh

When experimenting, you should use the staging environment https://letsencrypt.org/docs/staging-environment/ :
https://certbot.eff.org/docs/using.html

The following flags are meant for testing and integration purposes only.

–test-cert, --staging
Use the staging server to obtain or revoke test
(invalid) certificates; equivalent to --server https
://acme-staging-v02.api.letsencrypt.org/directory
(default: False)

The staging environment generates certificates not trusted but browsers. But it doesn’t consumes rates limits of the production environment: once you find the correct configuration, you can then generate trusted certificates.


#4

(This is a typo for crt.sh.)


#5

Fixed, thank you @schoen !


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.