There were too many requests of a given type

Hello,

I have changed the domain of the website assistanceinformatique78.fr to marlyinformatique.fr

I have aske for a Let's Encrypt, it didn't work.

I have cleaned old data and files.

Now, when I ask for a SSL certificate, I see this

Demande d'un certificat pour marlyinformatique.fr, www.marlyinformatique.fr à Let's Encrypt ..
.. la demande a échoué : La validation basée sur le Web a échoué :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: marlyinformatique.fr,www.marlyinformatique.fr: see Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
Please see the logfiles in /var/log/letsencrypt for more details.
Échec de la validation basée sur DNS :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: marlyinformatique.fr,www.marlyinformatique.fr: see Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
Please see the logfiles in /var/log/letsencrypt for more details.

When I look here https://check-your-website.server-daten.de/?q=marlyinformatique.fr
I see duplicate certificates :

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer last 7 days active num Certs
CN=R3, O=Let's Encrypt, C=US 5 5 5

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
2379584291
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 11:28:18 2021-06-16 11:28:18 marlyinformatique.fr, www.marlyinformatique.fr - 2 entries duplicate nr. 5
2379570162
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 11:23:18 2021-06-16 11:23:18 marlyinformatique.fr, www.marlyinformatique.fr - 2 entries duplicate nr. 4
2379607650
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 11:22:29 2021-06-16 11:22:29 marlyinformatique.fr, www.marlyinformatique.fr - 2 entries duplicate nr. 3
2379563044
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 11:18:52 2021-06-16 11:18:52 marlyinformatique.fr, www.marlyinformatique.fr - 2 entries duplicate nr. 2
2379556957
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 11:14:57 2021-06-16 11:14:57 marlyinformatique.fr, www.marlyinformatique.fr - 2 entries duplicate nr. 1

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuer last 7 days active num Certs
CN=R3, O=Let's Encrypt, C=US 5 /0 new 5 5

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
4233763011
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 10:28:18 2021-06-16 09:28:18 marlyinformatique.fr, www.marlyinformatique.fr
2 entries duplicate nr. 5 next Letsencrypt certificate: 2021-03-25 10:14:57
4233742093
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 10:23:18 2021-06-16 09:23:18 marlyinformatique.fr, www.marlyinformatique.fr
2 entries duplicate nr. 4
4233739035
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 10:22:29 2021-06-16 09:22:29 marlyinformatique.fr, www.marlyinformatique.fr
2 entries duplicate nr. 3
4233727265
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 10:18:52 2021-06-16 09:18:52 marlyinformatique.fr, www.marlyinformatique.fr
2 entries duplicate nr. 2
4233711946
leaf cert CN=R3, O=Let's Encrypt, C=US 2021-03-18 10:14:57 2021-06-16 09:14:57 marlyinformatique.fr, www.marlyinformatique.fr
2 entries duplicate nr. 1

How do I delete those duplicates entries so I can have a SSL ?

You can't.

The resources at the Let's Encrypt infrastructure are already spent for those certificates. And those issued certificates will keep spending resources, as Let's Encrypt will need to generate mandatory OCSP responses for those certificates, even if you revoke them.

Therefore, those rate limits are hard rate limits and cannot be undone by something you, we or Let's Encrypt could do.

Please use the staging environment in the future for testing things out and refrain from abusing the Let's Encrypt services in the future.

You've cleaned out perfectly fine and working certificates. Please don't unncessary delete things you could have used. It's probably better to ask help earlier in the process.

Hi @pbatreau

your question says: You have to read the basics.

Rate limits and CT-logs.

That answers all of your questions.

ok
So, how can I have a SSL for my website ?
Is it still possible ?

Yes. Please read the rate limit documentation closely for the work-around.

As it's a workaround and not one which I don't "support", I'll leave you to figure it out with the rate limit documentation on your own It shouldn't be that hard tho.

Not really helpful...
If I'm here it is because I don't understand this documentation about the trouble I have with SSL.
How can I have this SSL for my website ?
just wait ? Do I have to do something ?

A common topic around here is how to ensure Let's Encrypt's users better understand the rate limits and why they're there. You somehow managed to make 5 identical certificates and delete them. While Let's Encrypt offers the certificates for free, it really costs them quite a bit (in terms of validating you own the name, all the auditing that gets done around their systems that they only give certificates out that they're supposed to, signing all the requests and making the certificate status available, and so forth). Those costs are already spent, and you can't "delete" them since part of the rules around certificates (for good reason) require those certificates to be publicly audited and status received and so forth.

Before helping you further, people want some assurance that you understand a bit better what Let's Encrypt is doing and how to use it, such as doing testing in the staging environment and not deleting perfectly-good certificate private keys when you're still wanting to use them.

The rate limits exist to protect the system from abuse, since as I said offering the service is expensive and only possible due to Let's Encrypt's generous supports.

If you want SSL on your site (which you should, yes!), your options are:

1. Restore one of the five certificates and private keys that you already deleted, from backup or the like, assuming such exists.
2. Wait for the time listed in the rate limits page.
3. Request a certificate that isn't currently rate-limited (@Osiris was trying to point you to this workaround, where if you read carefully exactly what the 5-per-week limit covers, you might be able to find a certificate that you could request that doesn't match that criteria of what you're currently blocked on but still works for your needs.)
4. Use a different Certificate Authority in the meantime.

Part of the reason some people are hesitant to just outright tell you the workaround being alluded to in option 3 is to ensure that you're really read through the rate limit documentation and understand the resources being provided to you. If you have some specific question about a piece of the documentation you don't understand, please ask about that specifically and I'm sure people would be happy to help explain it. (And maybe the process could improve the documentation to help others!)

I don't have anymore the deleted certificates on my server.
I have hundreds of websites on several severs with Let's Encrypt and it works well.
In this case, I had troubles because I changed the domain of the website and ssl files of the old domain and of the new were mixed.
So when I tried to ask for certificate on my server, I didn't know it worked because it didn't on my side.
As I understand, the certificates were generated on your side.
So sorry for all this.
When can I request a new one ?

In one week (on March 25). You can find more details about this at

Thanks for your comforting and courteous answer.
it changes from the ordinary
Have a good day.

Thanks for your answer !

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.