Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: I can not issue a certificate. I did not comply with the request to create more than 20 certificates a week. However, I can not get a certificate for the primary domain.
It produced this output: too many certificates already issued fo https://bijouterie-jewelry.com/ (But I want to emphasize - this week I turned only once. 7/06/2018). Unfortunately I do not understand. I have not broken the limit.
My web server is (include version): I don’t know
The operating system my web server runs on is (include version): I don’t know
My hosting provider, if applicable, is: https://www.ukraine.com.ua/ I use a admin page to manage. Unfortunately, support could not help me, I was sent to you. Because they can not understand why it is not possible to issue a certificate.
I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Some of these may have been renewals. You need to be aware that while renewals are not blocked by rate limits, they do contribute to rate limits: https://letsencrypt.org/docs/rate-limits/
To make sure you can always renew your certificates when you need to, we have a Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals. An issuance request counts as a renewal if it contains the exact same set of hostnames as a previously issued certificate. This is the same definition used for the Duplicate Certificate limit described above. Renewals are still subject to the Duplicate Certificate limit. Also note: the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.
Sorry, I do not understand what to do. (Could you issue a certificate for my site? ( bijouterie-jewelry.com & www.bijouterie-jewelry.com )
That’s all I’m asking. This is not an update. This is a new certificate.
What are my steps?
If I understood you correctly, I can not get a certificate, because my subdomains are updated on 20 pieces per week. Yes, they are updated.
But how can I issue a new certificate? In total, I have 94 certificates for subdomains.
This means that I can not get a new certificate ever. After all, every week the limit will be exhausted automatically. Right?
The solution lies in this quote from the rate limit documentation:
the order of renewals and new issuances matters. To get the maximum possible number of certificates, you must perform all new issuances before renewals during a given time window.
Right now, you can't issue new certificates. It's too late to do anything.
When your rate limits begin to subside (~31h from now), ensure that your new certificates are issued before any renewals take place. You may need to suspend/defer your renewals until afterwards.
This allows your full rate limit (20 certificate/week) to be used on new certificates, and you will then be able to complete the renewals afterwards.
Have you considered just using a wildcard certificate? I see that you issued one recently.
Is this the actual certificate you're trying to get? It should be possible to get it under the Renewal Exemption, since it has been issued previously: https://crt.sh/?id=375709928
it shows the "Install" button.
If you click on this button, there is a wait. Then nothing happens.
Tech support explains this by returning an error "too many certificates already issued for bijouterie-jewelry.com" . Thus, the notification that the request was sent and should be waited 24 hours is reset. As a result, we again see the "Install" button. And so on a circle. An endless process leads again to the "install" (установить)
Earlier you sent this link. Is this my wildcard certificate? Where to write it? there are so many lines. crt.sh | 511113377 the only place where you can write it - on the screen number 1, only 3 fields.
Ultimately this all comes down to whether your hosting panel supports issuing a single wildcard certificate for: bijouterie-jewelry.com and *.bijouterie-jewelry.com. I do not recognize your hosting panel so I'm not sure if it does.
Your rate limit should allow one more certificate in ~31 hours. At that point, you can ask your host if it is possible to issue a wildcard using the hosting panel.
if it's not possible, it may be possible to issue one manually using a site like zerossl.com or httpsforfree.com and then install it to your hosting panel.
Unfortunately that certificate would not be usable in your case because it is a "precertificate" (not important to understand) and because it does not include the base domain.
the support service managed to order a certificate, despite the fact that the limit is exhausted.
They installed a certificate for the site www.bijouterie-jewelry.com
