Hi
I would like to add new subdomain to my existing cert and I have a problem with limit error.
Error is " too many certificates already issued" but I don’t create certificates over limit - last time when I success created cert was: 2018-04-19.
I don’t have that error never before and I don’t know where the problem is.
My domain is:
lp-portal.pl
I ran this command:
sudo certbot certonly --authenticator webroot -w /pat/to/web/ --installer apache --email admin@lp-portal.pl --expand --eff-email --cert-name gminy.lp-portal.pl -d gminabrzeznica.lp-portal.pl -d gminabrudzew.lp-portal.pl …… kolaczkowo.lp-portal.pl -d gminajutrosin.lp-portal.pl
It produced this output:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for: lp-portal.pl: see https://letsencrypt.org/docs/rate-limits/
b’{\n “type”: “urn:acme:error:rateLimited”,\n “detail”: “Error creating new cert :: too many certificates already issued for: lp-portal.pl: see https://letsencrypt.org/docs/rate-limits/”,\n “status”: 429\n}’
My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version):
Description: Ubuntu 16.04.3 LTS
My hosting provider, if applicable, is:
dedicated server
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
I have 10 different certificates that contains list of subdomains. Each contains some groups of subdomains, eg:
cert_a: a1.lp-portal.pl, a2.lp-portal.pl …
cert_b: b1.lp-portal.pl, b2.lp-portal.pl …
All in thise same main domain ‘lp-portal.pl’ and with these same webroot ‘/pat/to/web/’
You were sitting exactly on the limit (20 certificates per Registered Domain per Week).
Between you gathering that error information and trying again, the window shifted over so that you were at 19. If you try again for a new certificate, I suspect you may be rate limited yet again.
From 2018-04-16 I only add (4 times) new subdomain to existing certificate (includes today updated certificate with new subdomain!).
When I would like to add new subdomain I get actual subdomains list (by command):
$: certbot certificates
Then search for my “Certificate Name”, copy list of “Domains:”, repleace space to " -d ", add new subdomain to the end and run:
$: sudo certbot certonly --authenticator webroot -w /pat/to/web/ --installer apache --email admin@lp-portal.pl --expand --eff-email --cert-name gminy.lp-portal.pl -d gminabrzeznica.lp-portal.pl …OTHERS_SUBDOMAINS.lp-portal.pl… -d NEW_SUBDOMAIN_NAME.lp-portal.pl
I know that when I add new subdomain to existed certificate then I create new certificate and limit was decreased.
What am I doing wrong?
How Can I check that the limit is over?
But you did. Maybe not intentionally - maybe they were renewals and you thought they did not count. You created 19 certs in the last 7 days (counting from right now), and 20 certs in the last 8 days:
Renewals are exempt from rate limits (and some of these may have been renewals, I didn't check), but if you try to issue a new certificate, then the rate limit is enforced, including the certificates that were renewed.
Wow - I don’t know why there was so much certs. I don’t need them. I have only about 40 certs with many subdomains.
I wonder how it’s possible because I always generate cert manually and add all subdomains separated by ‘-d’.
I supposed that certbot (or my command) worked incorrect . I upgraded it so I hope it will be OK now. I will check it.
[Tue Apr 24 17:00:14 CEST 2018] Standalone mode.
[Tue Apr 24 17:00:14 CEST 2018] Single domain=‘xxxyyy.ovh.net’
[Tue Apr 24 17:00:14 CEST 2018] Getting domain auth token for each domain
[Tue Apr 24 17:00:14 CEST 2018] Getting webroot for domain=‘xxxyyy.ovh.net’
[Tue Apr 24 17:00:14 CEST 2018] Getting new-authz for domain=‘xxxyyy.ovh.net’
[Tue Apr 24 17:00:15 CEST 2018] The new-authz request is ok.
[Tue Apr 24 17:00:15 CEST 2018] xxxyyy.ovh.net is already verified, skip http-01.
[Tue Apr 24 17:00:15 CEST 2018] Verify finished, start to sign.
[Tue Apr 24 17:00:17 CEST 2018] Sign failed: “detail”:“Error creating new cert :: too many certificates already issued for: ovh.net: see https://letsencrypt.org/docs/rate-limits/”
[Tue Apr 24 17:00:17 CEST 2018] Please add ‘–debug’ or ‘–log’ to check more details.
[Tue Apr 24 17:00:17 CEST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
If it necessary I can provide full debug log.
Please clarify how to fix this problem and at last sign the certificate?!
Please create your own new topic for this question, @AntonDiam. When you do, please provide your full non-redacted domain name. We can’t assist you in finding rate limit issues without that, as there are several things that might be going on. Besides, it’s already been publicly (and permanently) logged several times in the certificate transparency logs.
You might also want to run certbot certificates to see if you have some old certificates that you don’t need (that may be getting renewed automatically by certbot renew).
Maby certbot do it automaticly when I use ‘apache’ option? I use ‘certonly’ to prevent that.
My commad is: sudo certbot certonly --authenticator webroot -w /path/to/app/ --installer apache --email admin@lp-portal.pl --expand --eff-email --cert-name <CERT_NAME>.<DOMAIN.pl> -d <SUBDOMAIN_NAME> -d <SUBDOMAIN_NAME> ...