Too many certificates already issued for: domain


#1

I’m trying to certificate a subdomain of preprod.effilab-local.com and I always get this message.
I tried in monday 26 november 2018 and I tried today 03 december 2018 respecting the 7 days sliding window, and I have the same message
[.preprod.effilab-local.com] acme: Validations succeeded; requesting certificates",“time”:“2018-12-03T09:19:08Z”}
{“level”:“error”,“msg”:"Unable to obtain ACME certificate for domains "
.preprod.effilab-local.com" : unable to generate a certificate for the domains [*.preprod.effilab-local.com]: acme: Error -\u003e One or more domains had a problem:\n[preprod.effilab-local.com] acme: Error 429 - urn:ietf:params:acme:error:rateLimited - Error finalizing order :: too many certificates already issued for exact set of domains: *.preprod.effilab-local.com: see https://letsencrypt.org/docs/rate-limits/\n",“time”:"2018-12-03T09:19:13Z"}

I have the issue also for *.effilab-local.com

Please help ?

My domain is:
*.preprod.effilab-local.com
*.effilab-local.com
I ran this command:
I am using traefik on kubernetes
It produced this output:

My web server is (include version):
traefik-1.54.0
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
gke
I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi @jkel

there are a lot of certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=p:ZWZmaWxhYi1sb2NhbC5jb206ZmFsc2U6dHJ1ZTo0NDI4NjI0NDk4MDA4ODUzODI3OkVBRT0&cert_search=include_expired:false;include_subdomains:true;domain:effilab-local.com;issuer_uid:4428624498008853827&lu=cert_search_cert

Check page 2. Same there:

https://crt.sh/?q=%.effilab-local.com

Looks like you have created a lot of certificates last Monday.

Why isn’t it possible to use one of these.

Today later or tomorrow it should work.


#3

It should work right now - the window isn’t even close, there’s only a single certificate for the exact name within the 7 day window.

Something looks broken at the CA. see my post below

Rate Limit Current Status Domain
50 Certificates per Registered Domain per week OK (2 / 50 this week.) effilab-local.com

Summary generated at https://tools.letsdebug.net/cert-search?m=domain&q=effilab-local.com&d=168 .


#4

Hi Juergen
I wasnt aware about the rate limit last monday and about the stagging env, So when trying to deploy to kubernetes, I did it several times. Now my deployment is ok and I want to use the prod env.
I cant use those generated because I didnt have them, when redeploying to kube, the container is trashed and the certificate too, I am now enhancing my deployment using pv
So I f I try tomorrow it should be ok, right ?
Thanks for helping


#5

Ah, nothing is wrong.

You tried pretty much as your last 3 certificates were sliding out of the window. You needed to wait a few more minutes.

Try right now, you will succeed.


#6

This is always bad.

If you use container, you should always save the certificates and account keys outside the container.

So you can use the certificate 60 - 80 days.


#7

yes I am using persitant volumes now