Too many certificates (5) already issued for this exact set of domains in the last 168 hours

If you edit your fullchain.pem file you will see it is a text file with multiple certificate entries. You can paste the last one into Certificate Decoder - Decode certificates to view their contents and that should confirm it is ISRG Root X1 issued by DST Root CA X3. If you then remove that entry from the file your chain will be [Your Cert] > R3 (Issued by ISRG Root X1), then clients will resolve this to the shorter (modern) chain. You may need to restart nginx.

2 Likes

hi @rg305

thank you, it's done but still the issue.

kindly if you can check

regards

2 Likes

hi @webprofusion

thank you very much for your support, I'm did it but the issue still showing and this is the result:
image

1 Like

Your certificate looks good and is using the modern chain. This chain is not compatible with old versions of Android which don't know about the ISRG Root X1 certificate.

If you need a mix of support for old and new devices I would suggest changing certificate authority but you would need to test whichever alternative you choose (ZeroSSL, BuyPass Go etc) with the client devices.

@webprofusion

dear, could you let me know if there is a paid cert that I can use to solve this issue,
I think it's better than a free one right because Letsencrypt make a big problem and I think we should change it forever

openssl s_client -connect live.redtaxi.cab:443 -servername live.redtaxi.cab | head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = live.redtaxi.cab
verify return:1
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = live.redtaxi.cab
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

That is the "shorter" chain.

1 Like

Nothing is forever.
All root certs have expiry dates - even the paid ones.

Let's Encrypt did NOT make this problem.

1 Like

@rg305

so it's correct right now?

1 Like

It is better.
Only you can know if it works for you.

1 Like

@rg305

yes, it's working for the android app.

but I can't access the dashboard from the browser
domain: admin.redtaxi.cab

also, there is Letsencrypt Cert and I made all steps that you sent previously

1 Like

Then you need to update your root trust store.
It is likely missing the "ISRG Root X1" cert.

Which system?
Which browser?

1 Like

yes dear @rg305

I know that there is an expiry date for all root cert and I'm using Letsencrypt for many years
this is the first time that happened

1 Like

You don't have to tell me about what happened.

1 Like

@rg305

Windows OS
Google Chrome

1 Like

@rg305

may this image help

1 Like

That image shows it all trusted.
Please show the error page.
Maybe clear the browser cache nd reboot (if needed).

1 Like

Read this post:

1 Like

dear @rg305

good day to you,
the issue is not solved yet and there are many people who have the same issue and posted here tickets
I'm using windows 10 so there are any official solutions from Letsencrypt?

Regards

2 Likes

@saleh
I don't understand the problem you are having.
Please show a picture of the error message (include the URL if using a browser).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.