There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for:

I would like to add new subdomain to my existing cert and I have a problem with limit error.
Error is " too many certificates already issued" but I don’t create certificates over limit - last time when I success created cert was: 2018-04-19.

I don’t have that error never before and I don’t know where the problem is.

My domain is:

I ran this command:
sudo certbot certonly --authenticator webroot -w /pat/to/web/ --installer apache --email --expand --eff-email --cert-name -d -d …… -d

It produced this output:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: see
b’{\n “type”: “urn:acme:error:rateLimited”,\n “detail”: “Error creating new cert :: too many certificates already issued for: see”,\n “status”: 429\n}’

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Description: Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:
dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

15 3 * * * root /usr/bin/certbot renew --quiet



  1. Today I upgraded certbot but it doesn’t help.

  2. I have 10 different certificates that contains list of subdomains. Each contains some groups of subdomains, eg:
    cert_a:, …
    cert_b:, …
    All in thise same main domain ‘’ and with these same webroot ‘/pat/to/web/’

Try this: |

I think you should be able to issue a certificate now (barely).

Now i can do it. I don’t understand what was wrong?

You were sitting exactly on the limit (20 certificates per Registered Domain per Week).

Between you gathering that error information and trying again, the window shifted over so that you were at 19. If you try again for a new certificate, I suspect you may be rate limited yet again.

But I don’t created 20 certs in last 7 days.

From 2018-04-16 I only add (4 times) new subdomain to existing certificate (includes today updated certificate with new subdomain!).

When I would like to add new subdomain I get actual subdomains list (by command):
$: certbot certificates

Then search for my “Certificate Name”, copy list of “Domains:”, repleace space to " -d ", add new subdomain to the end and run:
$: sudo certbot certonly --authenticator webroot -w /pat/to/web/ --installer apache --email --expand --eff-email --cert-name -d …… -d

I know that when I add new subdomain to existed certificate then I create new certificate and limit was decreased.

What am I doing wrong?
How Can I check that the limit is over?

But you did. Maybe not intentionally - maybe they were renewals and you thought they did not count. You created 19 certs in the last 7 days (counting from right now), and 20 certs in the last 8 days:

2018-04-22 02:59:14 +0000 UTC    names=[]
2018-04-22 02:59:11 +0000 UTC    names=[]
2018-04-21 09:46:11 +0000 UTC    names=[]
2018-04-21 03:41:13 +0000 UTC    names=[]
2018-04-21 03:09:07 +0000 UTC    names=[]
2018-04-21 03:08:51 +0000 UTC    names=[]
2018-04-21 02:17:50 +0000 UTC    names=[]
2018-04-20 10:10:53 +0000 UTC    names=[]
2018-04-20 03:18:59 +0000 UTC    names=[]
2018-04-20 03:18:55 +0000 UTC    names=[]
2018-04-19 07:27:25 +0000 UTC    names=[]
2018-04-19 02:39:02 +0000 UTC    names=[]
2018-04-19 02:38:55 +0000 UTC    names=[]
2018-04-18 06:49:05 +0000 UTC    names=[]
2018-04-18 04:32:46 +0000 UTC    names=[]
2018-04-18 04:26:43 +0000 UTC    names=[]
2018-04-18 04:26:39 +0000 UTC    names=[]
2018-04-18 04:26:35 +0000 UTC    names=[]
2018-04-18 04:25:46 +0000 UTC    names=[]
2018-04-17 07:48:33 +0000 UTC    names=[]

Renewals are exempt from rate limits (and some of these may have been renewals, I didn't check), but if you try to issue a new certificate, then the rate limit is enforced, including the certificates that were renewed.

@sahsanu's GitHub - sahsanu/lectl: Script to check issued certificates by Let's Encrypt on CTL (Certificate Transparency Log) using is pretty good.

You might also consider applying for a rate limit exemption if you believe that you need higher limits for your use: Rate Limits - Let's Encrypt

1 Like

Wow - I don’t know why there was so much certs. I don’t need them. I have only about 40 certs with many subdomains.

I wonder how it’s possible because I always generate cert manually and add all subdomains separated by ‘-d’.
I supposed that certbot (or my command) worked incorrect . I upgraded it so I hope it will be OK now. I will check it.

Thanks a lot for your help!

1 Like

Already second week as I have been trying to sign the certificate for my virtual server in domain

I run this command:
~/ --issue --standalone -d $FQDN

And I get this stable result:

[Tue Apr 24 17:00:14 CEST 2018] Standalone mode.
[Tue Apr 24 17:00:14 CEST 2018] Single domain=‘
[Tue Apr 24 17:00:14 CEST 2018] Getting domain auth token for each domain
[Tue Apr 24 17:00:14 CEST 2018] Getting webroot for domain=‘
[Tue Apr 24 17:00:14 CEST 2018] Getting new-authz for domain=‘
[Tue Apr 24 17:00:15 CEST 2018] The new-authz request is ok.
[Tue Apr 24 17:00:15 CEST 2018] is already verified, skip http-01.
[Tue Apr 24 17:00:15 CEST 2018] Verify finished, start to sign.
[Tue Apr 24 17:00:17 CEST 2018] Sign failed: “detail”:“Error creating new cert :: too many certificates already issued for: see
[Tue Apr 24 17:00:17 CEST 2018] Please add ‘–debug’ or ‘–log’ to check more details.
[Tue Apr 24 17:00:17 CEST 2018] See:

If it necessary I can provide full debug log.

Please clarify how to fix this problem and at last sign the certificate?!

Please create your own new topic for this question, @AntonDiam. When you do, please provide your full non-redacted domain name. We can’t assist you in finding rate limit issues without that, as there are several things that might be going on. Besides, it’s already been publicly (and permanently) logged several times in the certificate transparency logs.

You might also want to run certbot certificates to see if you have some old certificates that you don’t need (that may be getting renewed automatically by certbot renew).

I run certbot certificates before created this post.

I received:

  • host1 = 18 different certificates (10 for domain, each cert contains 1- ~60subdomains),
  • host2 = 2 certificates (1 for contains 3 subdomains).

Example (
This is cert that I created - it contains subdomains list
but I was never created certificate for single customer domain

Maby certbot do it automaticly when I use ‘apache’ option? I use ‘certonly’ to prevent that.
My commad is:
sudo certbot certonly --authenticator webroot -w /path/to/app/ --installer apache --email --expand --eff-email --cert-name <CERT_NAME>.<> -d <SUBDOMAIN_NAME> -d <SUBDOMAIN_NAME> ...

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.