There were too many requests


#1

hi, i have a bug when i would like create and use my certificat and i remove the bad folder /live/ with certificats when i would like renew it i have this message :

There were too many requests of a given type

:: Error creating new cert :: too many certificates already issued for exact set of domains: alvarium-inc.fr: see > https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

How i can do make a new certificats, without wait a week ?

F.Lefebvre


#2

Hi @floflo530

you can create 5 certificates with the same set of domains in 7 days. Why don’t you use one of these certificates?

Use

certbot certificates

to check, which certificates are there.

You can add a new domain name or remove one domain name. But if you do such things

then you will hit the next limit.


#3

Oh man you also really shouldn’t mess with those directories. You’re going to break your Certbot install if you do.

Also, you should include your domain name. It’s a lot harder to diagnose many issues if we don’t know this information. Please remember that all certificates are publicly logged to the certificate transparency logs, so you’re not increasing secrecy by hiding it from here.


#4

i add my domain name (i just bought a comodo for 1 years) but i like letsencrypt :smiley:


#5

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.


#6

You have 5 certificates created with this one name.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:alvarium-inc.fr&lu=cert_search

If you remove your /live/ - folder, then you have to wait one week.

You can add the second name www.alvarium-inc.fr. Then it’s the same like your Comodo-certificate.

But what was wrong? Which command did you use? The certificates are created, looks, like the installation didn’t work.


#7

i use this cmd

certbot --authenticator webroot --installer apache

from https://certbot.eff.org/lets-encrypt/debianjessie-apache

But after my apache server was die and i would like restore it but is not succes


#8

This is bad. Perhaps share your apache configuration with one of the certbot - engineers - @schoen

You can skip the --installer - part with something like

certbot certonly --authenticator webroot -d www.alvarium-inc.fr -d alvarium-inc.fr

Then you create only the certificate (this part works), you have two names (a new name set, one of max. five certificates).

Then you can install the certificate manual. certbot certificates shows the paths you need.


#9

Yes, deleting /etc/letsencrypt/live can only harm things and not help them, because it means that Certbot can no longer keep track of your certificates, and the references to your certificates in your Apache configuration now point at non-existent files.

Can you post the output of these commands?

grep -r /etc/letsencrypt/live /etc/apache2

ls -l /etc/letsencrypt/archive/*


#10

root@-----:/var/www/wordpress# grep -r /etc/letsencrypt/live /etc/apache2
root@-----:/var/www/wordpress#

root@-----/:/var/www/wordpress# ls -l /etc/letsencrypt/archive/*
ls: cannot access /etc/letsencrypt/archive/*: No such file or directory


#11

Did you delete more than /etc/letsencrypt/live, like all of /etc/letsencrypt or something?

Is your Apache installation not in /etc/apache2?


#12

i just delete /etc/letsencrypt/live/* and my apache installation is /etc/apache2/

/etc/letsencrypt# ls -la
total 44
drwxr-xr-x 9 root root 4096 Sep 7 22:03 .
drwxr-xr-x 96 root root 4096 Sep 7 22:51 …
-rw-r–r-- 1 root root 64 Sep 7 21:50 .updated-options-ssl-apache-conf-digest.txt
drwx------ 5 root root 4096 Sep 7 21:50 accounts
drwx------ 2 root root 4096 Sep 7 22:10 archive
drwxr-xr-x 2 root root 4096 Sep 7 23:34 csr
drwx------ 2 root root 4096 Sep 7 23:34 keys
drwx------ 2 root root 4096 Sep 7 22:02 live
-rw-r–r-- 1 root root 1619 Sep 7 21:50 options-ssl-apache.conf
drwxr-xr-x 2 root root 4096 Sep 7 22:10 renewal
drwxr-xr-x 5 root root 4096 Sep 7 21:50 renewal-hooks


#13

Maybe run find /etc/letsencrypt?


#14

root@--------:/etc/letsencrypt# find /etc/letsencrypt
/etc/letsencrypt
/etc/letsencrypt/live
/etc/letsencrypt/renewal
/etc/letsencrypt/csr
/etc/letsencrypt/csr/0001_csr-certbot.pem
/etc/letsencrypt/csr/0000_csr-certbot.pem
/etc/letsencrypt/csr/0005_csr-certbot.pem
/etc/letsencrypt/csr/0009_csr-certbot.pem
/etc/letsencrypt/csr/0006_csr-certbot.pem
/etc/letsencrypt/csr/0004_csr-certbot.pem
/etc/letsencrypt/csr/0008_csr-certbot.pem
/etc/letsencrypt/csr/0002_csr-certbot.pem
/etc/letsencrypt/csr/0010_csr-certbot.pem
/etc/letsencrypt/csr/0007_csr-certbot.pem
/etc/letsencrypt/csr/0003_csr-certbot.pem
/etc/letsencrypt/archive
/etc/letsencrypt/options-ssl-apache.conf
/etc/letsencrypt/accounts
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/bb5d28dfd929648d14aa99cf604d750d
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/bb5d28dfd929648d14aa99cf604d750d/regr.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/bb5d28dfd929648d14aa99cf604d750d/meta.json
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/bb5d28dfd929648d14aa99cf604d750d/private_key.json
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/56878577db4166635919b5328a28b3f1
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/56878577db4166635919b5328a28b3f1/regr.json
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/56878577db4166635919b5328a28b3f1/meta.json
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/56878577db4166635919b5328a28b3f1/private_key.json
/etc/letsencrypt/renewal-hooks
/etc/letsencrypt/renewal-hooks/post
/etc/letsencrypt/renewal-hooks/deploy
/etc/letsencrypt/renewal-hooks/pre
/etc/letsencrypt/.updated-options-ssl-apache-conf-digest.txt
/etc/letsencrypt/keys
/etc/letsencrypt/keys/0001_key-certbot.pem
/etc/letsencrypt/keys/0008_key-certbot.pem
/etc/letsencrypt/keys/0006_key-certbot.pem
/etc/letsencrypt/keys/0010_key-certbot.pem
/etc/letsencrypt/keys/0007_key-certbot.pem
/etc/letsencrypt/keys/0004_key-certbot.pem
/etc/letsencrypt/keys/0000_key-certbot.pem
/etc/letsencrypt/keys/0002_key-certbot.pem
/etc/letsencrypt/keys/0003_key-certbot.pem
/etc/letsencrypt/keys/0009_key-certbot.pem
/etc/letsencrypt/keys/0005_key-certbot.pem


#15

It doesn’t really make sense that /etc/letsencrypt/renewal and /etc/letsencrypt/archive would be empty if you didn’t do anything to delete their contents. These should always have entries corresponding to Certbot-managed certificates.

What error do you see when trying to start Apache?


#16

i don’t have the line code but i remember it’s about certificats not exist.


#17

It’s kind of mysterious if grep -r /etc/letsencrypt/live /etc/apache2 also returned no output. Could you try it again and see what the specific error is?


#18

try to restart apache ?
it’s done, after not work i remove and purge it and reinstall with sample conf.

i don’t know if that can help ->

my last line in /var/log/apache2/error.log

https://pastebin.com/A3MXZwcz


#19

This warning wouldn’t stop Apache from running; it might suggest that you just forgot to include a particular name in your certificate (or that Apache was using a default certificate because it wasn’t configured to refer to your Let’s Encrypt certificate).


#20

ok, the next time i retry with certbot
:smiley: thx for your times !