Too many certificates already issued for: eatamina.com


#1

I’m moving my hosting to digitalocean, and while configuring ruby on rails, i couldn’t install the cert right.
Had to reinstall a couple times the droplets, and now im getting that error when trying to configure the ssl.
Please, could you please help me solve this big problem. My web app needs https to work correctly.


#2

Hi @franamadis

you have 7 certificates, created yesterday and today:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:eatamina.com;issuer_uid:4428624498008853827&lu=cert_search

That hits a limit.

Which command / client do you use?


#3

Hi @JuergenAuer

i’m using nginx + rails default installation at digital ocean. I’m a beginner in this kind of service, was using heroku before

Is there any way i can get the last .pem generated by letsencrypt, so i can try to install it manually in the folder of the new droplet?


#4

Do you have a certbot - directory? There is a command like

certbot certificates

which should show all certificates and their paths. Then you can use the last certificate and the path manual.


#5

No, i don´t have old directories because i destroyed the old droplet. :frowning:
Is there any way to allow me to install new certs or the only way is waiting a week?


#6

This is fatal when dealing with private / public key-pairs and certificates.

Then you have to wait one week.

You should have something, where you save your accont-keypair and the certificates permanent. So that you can destroy your droplet, but not your keys. If you have that, you can use the testsystem to test it.

But test-certificates (signed by Fake LE Intermediate X1) cannot used productive.


#7

Exhibit #2879 for why all testing should be done with the staging environment.


#8

The staging system has it’s own limit. Staging system never used -> some certificates can be created.

So before you hit the limit of the productive system: It’s better to use the staging system. If all works -> use the productive system.


#9

Hi @franamadis,

As you have reached the 5 duplicated certificates per 7 days limit, yes, you can issue more certs but not for eatamina.com and www.eatamina.com… you could issue one cert for eatamina.com and another one covering www.eatamina.com or you could add one more domain and have a certificate covering eatamina.com, www.eatamina.com and for example dev.eatamina.com and you could get this cert right now.

Good luck,
sahsanu


#10

Really helpful, thanks a lot. I’ll work on a dev subdomain and when everything is working i’ll move to the main domain.

Cool community. Thank you again.


#11

They weren’t necessarily talking about a dev domain; you’re able to execute these same commands against the Let’s Encrypt staging environment to make sure everything’s working properly. The certificates you will get are not publicly trusted, but this is the best way to ensure everything’s working the way you’d expect before burning the much smaller production rate limits.


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.