There were too many requests of a given type

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.talkyoo.net

I ran this command:
/letsencrypt-auto -d www.talkyoo.net

It produced this output:
./letsencrypt-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: www.talkyoo.net: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
nginx/1.4.6

The operating system my web server runs on is (include version):
Ubuntu 14.04.2 LTS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.35.1

The renewal of the certificate failed, than we exceeded the rate limit, is it possible to extend it?

Hi @t.eggert

you have created a lot of certificates ( https://check-your-website.server-daten.de/?q=talkyoo.net#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-07-10 2019-10-08 www.talkyoo.net - 1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-07-11 21:04:14
Let’s Encrypt Authority X3 2019-07-10 2019-10-08 www.talkyoo.net - 1 entries duplicate nr. 4
Let’s Encrypt Authority X3 2019-07-10 2019-10-08 www.talkyoo.net - 1 entries duplicate nr. 3
Let’s Encrypt Authority X3 2019-07-09 2019-10-07 www.talkyoo.net - 1 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-07-04 2019-10-02 www.talkyoo.net - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-07-04 2019-10-02 mail.talkyoo.net - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2019-07-02 2019-09-30 video.talkyoo.net - 1 entries
Let’s Encrypt Authority X3 2019-07-01 2019-09-29 see.talkyoo.net - 1 entries
Let’s Encrypt Authority X3 2019-06-30 2019-09-28 www.talkyoo.net - 1 entries
Let’s Encrypt Authority X3 2019-06-29 2019-09-27 www.talkyoo.net - 1 entries next Letsencrypt certificate:

Where are these? Why don’t you use one of these?

Create one certificate, then use it 60 - 85 days, then create the next.

1 Like

As far as I see the certbot failed to write the privatkey.pem file for a unknown reason, so I can’t use it. Or can I redownload the privatkey?

I think that’s wrong. The private key is required to create the Certificate Signing request.

So failing write the private key -> no CSR -> no certificate created -> no limit.

1 Like

very strange:
bbuser@proxy02:~/newcert$ sudo ls -l /etc/letsencrypt/archive/www.talkyoo.net | grep “Jul 10 1”
-rw-r–r-- 1 root root 1911 Jul 10 12:30 cert4.pem
-rw-r–r-- 1 root root 1647 Jul 10 12:30 chain4.pem
-rw-r–r-- 1 root root 3558 Jul 10 12:30 fullchain4.pem

the file seems missing. Or its written somewhere else.

I fixed the problem by getting a wildcard certificate.

A check of the documentation

is helpful.

/etc/letsencrypt/keys

is the directory of the private keys, not /archive. There are only the public parts.

Ok, than this seems to be a recent change:
root@proxy02:~# ls /etc/letsencrypt/archive/www.talkyoo.net/*3.pem
cert3.pem chain3.pem fullchain3.pem privkey3.pem

in the former version the file was there. And also for the wildcard it is all in the same folder…

Thanks for your support

Thorsten

That is not correct. keys contains a backup of each private key, but the canonical version exists as privkey.pem within archive and is linked from live.

1 Like

Ah, thanks, good to know.