Too many certificates already issued for exact set of domain

Continuing the discussion from Install a Certificate for my webapplication runing on tomcat:

As my certificate, which I created as shown in the post above, will expire in 7 days (on 07 May 18 22:26 +0000), I tried to renew it by typing letsencrypt.exe and choosing the R: Renew scheduled option.

I've got this:

C:\Administrateur>letsencrypt.exe

[INFO] Let’s Encrypt Windows Simple (LEWS)
[INFO] Software version 198.4.6605.15190 (RELEASE)
[INFO] IIS version 8.5
[INFO] ACME Server https://acme-v01.api.letsencrypt.org/
[INFO] Please report issues at https://github.com/Lone-Coder/letsencrypt-win-simple

N: Create new certificate
M: Create new certificate with advanced options
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
V: Revoke certificate
C: Cancel scheduled renewal
X: Cancel all scheduled renewals
Q: Quit

Please choose from the menu: R

[INFO] Renewing certificate for myhost.ddns.net
[INFO] Authorize identifier: myhost.ddns.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate myhost.ddns.net 2018/4/29 4:43:43 PM
[EROR] AcmeWebException: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new cert :: too many certificates already issued for exact
set of domains: targettec.ddns.net: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
[EROR] Renewal for myhost.ddns.net failed, will retry on next run
[INFO] Renewing certificate for myhost.ddns.net
[INFO] Authorize identifier: myhost.ddns.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate myhost.ddns.net 2018/4/29 4:43:47 PM
[EROR] AcmeWebException: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new cert :: too many certificates already issued for exact
set of domains: myhost.ddns.net: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
[EROR] Renewal for myhost.ddns.net failed, will retry on next run

I don’t understand. I’ve never tried to renew it before, so how did I reach the rate limit?

Hi @MAFTECH,

I can’t tell you what happened, but today, a couple of hours ago, you issued 5 certificates for the same domain, so you are hitting the limit of 5 duplicate certs per 7 days.

CRT ID     CERT TYPE  DOMAIN (CN)         VALID FROM             VALID TO               EXPIRES IN  SANs
429755847  Pre cert   targettec.ddns.net  2018-Apr-29 13:26 UTC  2018-Jul-28 13:26 UTC  89 days     targettec.ddns.net
429709512  Pre cert   targettec.ddns.net  2018-Apr-29 13:33 UTC  2018-Jul-28 13:33 UTC  89 days     targettec.ddns.net
429707732  Pre cert   targettec.ddns.net  2018-Apr-29 13:29 UTC  2018-Jul-28 13:29 UTC  89 days     targettec.ddns.net
429707707  Pre cert   targettec.ddns.net  2018-Apr-29 13:28 UTC  2018-Jul-28 13:28 UTC  89 days     targettec.ddns.net
429706708  Pre cert   targettec.ddns.net  2018-Apr-29 13:26 UTC  2018-Jul-28 13:26 UTC  89 days     targettec.ddns.net

So you should have a renewed cert somewhere… I don’t use IIS or LEWS, so I don’t know where your certs are. Also, you said you are using Tomcat too, so did you convert the renewed cert to keystore format?

Cheers,
sahsanu
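The duplicate-certificate limit described in the reply above, worked through on the five issuance times from its listing. This is an added example, not part of the original post or of LEWS. The function names are hypothetical, the "now" values are constructed, and the code assumes the 7-day limit is a sliding window in which each listed row counts as one issuance.

```python
from datetime import datetime, timedelta, timezone

# Rows taken from the listing in the reply above; only the columns
# used here are kept (CRT ID, SANs, VALID FROM).
ISSUED = """\
429755847  targettec.ddns.net  2018-Apr-29 13:26 UTC
429709512  targettec.ddns.net  2018-Apr-29 13:33 UTC
429707732  targettec.ddns.net  2018-Apr-29 13:29 UTC
429707707  targettec.ddns.net  2018-Apr-29 13:28 UTC
429706708  targettec.ddns.net  2018-Apr-29 13:26 UTC
"""

LIMIT = 5                    # duplicate certificates allowed ...
WINDOW = timedelta(days=7)   # ... per 7 days, as stated in the reply


def parse_issuances(text):
    """Group issue times by the exact set of names on each certificate."""
    by_name_set = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _crt_id, names, stamp = line.split(None, 2)
        issued = datetime.strptime(stamp, "%Y-%b-%d %H:%M UTC")
        issued = issued.replace(tzinfo=timezone.utc)
        # The limit applies to the exact name set, so order and case
        # of the SANs must not create a different key.
        key = frozenset(n.lower() for n in names.split(","))
        by_name_set.setdefault(key, []).append(issued)
    return by_name_set


def next_allowed(times, now, limit=LIMIT, window=WINDOW):
    """Earliest time another duplicate can be issued (sliding-window assumption)."""
    recent = sorted(t for t in times if now - t < window)
    if len(recent) < limit:
        return now  # still under the limit: issuance is possible right away
    # A slot frees up when the limit-th most recent issuance ages out.
    return recent[-limit] + window


if __name__ == "__main__":
    now = datetime(2018, 4, 29, 16, 43, tzinfo=timezone.utc)  # constructed
    for names, times in parse_issuances(ISSUED).items():
        print(sorted(names), "next issuance possible at", next_allowed(times, now))
```

Under these assumptions the next duplicate for this name becomes possible on 2018-05-06 at 13:26 UTC.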

Thank you for the answer!
The first abnormal thing that I just noticed is that, when listing the scheduled renewals, I’ve got the same certificate twice:

N: Create new certificate
M: Create new certificate with advanced options
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
V: Revoke certificate
C: Cancel scheduled renewal
X: Cancel all scheduled renewals
Q: Quit

Please choose from the menu: L

1: targettec.ddns.net - renew after 2018/4/2 11:26:59 PM
2: targettec.ddns.net - renew after 2018/4/2 11:26:59 PM
C: Cancel

The second is that I made three unsuccessful attempts because the IIS server was stopped. When I restarted it, I got the error that I already posted.

I am confused! I do not use IIS and I do not need it. Why does LE use IIS to generate certificates?

I tried to convert the renewed cert to keystore format and I’ve got an error:

the private key and the certificate chain do not constitute a valid key pair

What must I do now?
Wait and try again in 7 days?

I just tried again and I’ve got another error!

[INFO] Renewing certificate for targettec.ddns.net
[INFO] Authorize identifier: targettec.ddns.net
[INFO] Authorizing targettec.ddns.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://targettec.ddns.net/.well-known/acme-c
hallenge/zJi5SEjDbXtH3qaiD8tOt54_LHMnZsBrNf7l2iK4oKE
[EROR] Authorization result: invalid
[EROR] NullReferenceException: La référence d’objet n’est pas définie à une instance
d’un objet.
[EROR] Renewal for targettec.ddns.net failed, will retry on next run

Any idea?

You may have a redirection that is messing with the http get:

wget http://targettec.ddns.net/.well-known/acme-challenge/test.txt
--2018-05-01 02:53:30-- http://targettec.ddns.net/.well-known/acme-challenge/test.txt
Resolving targettec.ddns.net (targettec.ddns.net)... 196.120.104.96
Connecting to targettec.ddns.net (targettec.ddns.net)|196.120.104.96|:80... connected.
HTTP request sent, awaiting response... 302 D\351plac\351 Temporairement
Location: https://targettec.ddns.net/.well-known/acme-challenge/test.txt [following]
--2018-05-01 02:53:30-- https://targettec.ddns.net/.well-known/acme-challenge/test.txt
Connecting to targettec.ddns.net (targettec.ddns.net)|196.120.104.96|:443... connected.
HTTP request sent, awaiting response... 404 Introuvable
2018-05-01 02:53:31 ERROR 404: Introuvable.

Please place a text.txt file in the challenge folder to test access from the Internet.
And also allow the http access to the challenge folder to bypass the redirection.
