Too many certificates already issued for: eatamina.com

franamadis · July 17, 2018, 8:56am

I’m moving my hosting to digitalocean, and while configuring ruby on rails, i couldn’t install the cert right.
Had to reinstall a couple times the droplets, and now im getting that error when trying to configure the ssl.
Please, could you please help me solve this big problem. My web app needs https to work correctly.

JuergenAuer · July 17, 2018, 8:59am

Hi @franamadis

you have 7 certificates, created yesterday and today:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:eatamina.com;issuer_uid:4428624498008853827&lu=cert_search

That hits a limit.

Which command / client do you use?

franamadis · July 17, 2018, 9:05am

Hi @JuergenAuer

i’m using nginx + rails default installation at digital ocean. I’m a beginner in this kind of service, was using heroku before

Is there any way i can get the last .pem generated by letsencrypt, so i can try to install it manually in the folder of the new droplet?

JuergenAuer · July 17, 2018, 9:27am

Do you have a certbot - directory? There is a command like

certbot certificates

which should show all certificates and their paths. Then you can use the last certificate and the path manual.

franamadis · July 17, 2018, 9:50am

No, i don´t have old directories because i destroyed the old droplet.
Is there any way to allow me to install new certs or the only way is waiting a week?

JuergenAuer · July 17, 2018, 10:32am

This is fatal when dealing with private / public key-pairs and certificates.

Then you have to wait one week.

You should have something, where you save your accont-keypair and the certificates permanent. So that you can destroy your droplet, but not your keys. If you have that, you can use the testsystem to test it.

But test-certificates (signed by Fake LE Intermediate X1) cannot used productive.

danb35 · July 17, 2018, 1:26pm

Exhibit #2879 for why all testing should be done with the staging environment.

JuergenAuer · July 17, 2018, 1:31pm

The staging system has it's own limit. Staging system never used -> some certificates can be created.

So before you hit the limit of the productive system: It's better to use the staging system. If all works -> use the productive system.

sahsanu · July 17, 2018, 1:49pm

Hi @franamadis,

As you have reached the 5 duplicated certificates per 7 days limit, yes, you can issue more certs but not for eatamina.com and www.eatamina.com... you could issue one cert for eatamina.com and another one covering www.eatamina.com or you could add one more domain and have a certificate covering eatamina.com, www.eatamina.com and for example dev.eatamina.com and you could get this cert right now.

Good luck,
sahsanu

franamadis · July 17, 2018, 3:25pm

Really helpful, thanks a lot. I'll work on a dev subdomain and when everything is working i'll move to the main domain.

Cool community. Thank you again.

jared.m · July 17, 2018, 3:31pm

They weren’t necessarily talking about a dev domain; you’re able to execute these same commands against the Let’s Encrypt staging environment to make sure everything’s working properly. The certificates you will get are not publicly trusted, but this is the best way to ensure everything’s working the way you’d expect before burning the much smaller production rate limits.

system · August 16, 2018, 3:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.