Too many certificates already issued for exact set of domain


#1

Continuing the discussion from Install a Certificate for my webapplication runing on tomcat:

As my certificate, which I created as shown in the post above, will expire in 7 days (on 07 May 18 22:26 +0000), I tried to renew it by typing

letsencrypt.exe and choosing the R: Renew scheduled option.

I got this:

C:\Administrateur>letsencrypt.exe

[INFO] Let’s Encrypt Windows Simple (LEWS)
[INFO] Software version 198.4.6605.15190 (RELEASE)
[INFO] IIS version 8.5
[INFO] ACME Server https://acme-v01.api.letsencrypt.org/
[INFO] Please report issues at https://github.com/Lone-Coder/letsencrypt-win-simple

N: Create new certificate
M: Create new certificate with advanced options
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
V: Revoke certificate
C: Cancel scheduled renewal
X: Cancel all scheduled renewals
Q: Quit

Please choose from the menu: R

[INFO] Renewing certificate for myhost.ddns.net
[INFO] Authorize identifier: myhost.ddns.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate myhost.ddns.net 2018/4/29 4:43:43 PM
[EROR] AcmeWebException: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new cert :: too many certificates already issued for exact
set of domains: targettec.ddns.net: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
[EROR] Renewal for myhost.ddns.net failed, will retry on next run
[INFO] Renewing certificate for myhost.ddns.net
[INFO] Authorize identifier: myhost.ddns.net
[INFO] Cached authorization result: valid
[INFO] Requesting certificate myhost.ddns.net 2018/4/29 4:43:47 PM
[EROR] AcmeWebException: Unexpected error
+Response from server:
+ Code: 429
+ Content: {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new cert :: too many certificates already issued for exact
set of domains: myhost.ddns.net: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
[EROR] Renewal for myhost.ddns.net failed, will retry on next run

I don’t understand. I’ve never tried to renew it before; how did I reach the rate limit?


#2

Hi @MAFTECH,

I can’t tell you what happened, but today, a couple of hours ago, you issued 5 certificates for the same domain, so you are hitting the 5 duplicate certs per 7 days limit.

CRT ID     CERT TYPE  DOMAIN (CN)         VALID FROM             VALID TO               EXPIRES IN  SANs
429755847  Pre cert   targettec.ddns.net  2018-Apr-29 13:26 UTC  2018-Jul-28 13:26 UTC  89 days     targettec.ddns.net
429709512  Pre cert   targettec.ddns.net  2018-Apr-29 13:33 UTC  2018-Jul-28 13:33 UTC  89 days     targettec.ddns.net
429707732  Pre cert   targettec.ddns.net  2018-Apr-29 13:29 UTC  2018-Jul-28 13:29 UTC  89 days     targettec.ddns.net
429707707  Pre cert   targettec.ddns.net  2018-Apr-29 13:28 UTC  2018-Jul-28 13:28 UTC  89 days     targettec.ddns.net
429706708  Pre cert   targettec.ddns.net  2018-Apr-29 13:26 UTC  2018-Jul-28 13:26 UTC  89 days     targettec.ddns.net

So you should have a renewed cert somewhere… I don’t use IIS or LEWS, so I don’t know where your certs are. Also, you said you are using Tomcat too, so did you convert the renewed cert to keystore format?

Cheers,
sahsanu
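
The limit described in this reply, worked through with the table's timestamps (an added example, not part of the original posts). It assumes the 7 days are a sliding window and treats each VALID FROM value as the issuance time; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=7)  # "per 7 days" from the reply above
LIMIT = 5                   # duplicate certificates allowed per window

# VALID FROM values from the table above, rewritten in ISO form.
# Assumption: they are close enough to the real issuance times.
ISSUED = [
    "2018-04-29T13:26", "2018-04-29T13:33", "2018-04-29T13:29",
    "2018-04-29T13:28", "2018-04-29T13:26",
]


def utc(stamp):
    """Parse an ISO timestamp and mark it as UTC."""
    return datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)


def issued_in_window(issued, now):
    """Issuances that still count against the limit at time `now`."""
    return sorted(t for t in issued if now - WINDOW < t <= now)


def next_allowed(issued, now):
    """Earliest time at which one more duplicate certificate can be issued."""
    recent = issued_in_window(issued, now)
    if len(recent) < LIMIT:
        return now
    # Enough of the oldest issuances must age out that fewer than LIMIT remain.
    return recent[len(recent) - LIMIT] + WINDOW


def can_renew_before(issued, now, expiry):
    """True if the window reopens before the current certificate expires."""
    return next_allowed(issued, now) < expiry


if __name__ == "__main__":
    issued = [utc(s) for s in ISSUED]
    now = utc("2018-04-29T16:43")     # constructed: time of the failed renewal, read as UTC
    expiry = utc("2018-05-07T22:26")  # expiry quoted in the first post
    print("next allowed:", next_allowed(issued, now))
    print("renewable before expiry:", can_renew_before(issued, now, expiry))
```

With these inputs the window reopens at 2018-05-06 13:26 UTC, which is before the 07 May expiry quoted in the first post.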


#3

Thank you for the answer!
The first abnormal thing that I just noticed is that, when listing the scheduled renewals, I’ve got the same certificate twice:

N: Create new certificate
M: Create new certificate with advanced options
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
V: Revoke certificate
C: Cancel scheduled renewal
X: Cancel all scheduled renewals
Q: Quit

Please choose from the menu: L

1: targettec.ddns.net - renew after 2018/4/2 11:26:59 PM
2: targettec.ddns.net - renew after 2018/4/2 11:26:59 PM
C: Cancel

The second is that I made three unsuccessful attempts because the IIS server was stopped. When I restarted it, I got the error that I already posted.

I am confused! I do not use IIS and I do not need it. Why does LE use IIS to generate certificates?

I tried to convert the renewed cert to keystore format and I got an error:

the private key and the certificate chain do not constitute a valid key pair

What must I do now?
Wait and try again in 7 days?


#4

I just tried again and I’ve got another error!

[INFO] Renewing certificate for targettec.ddns.net
[INFO] Authorize identifier: targettec.ddns.net
[INFO] Authorizing targettec.ddns.net using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://targettec.ddns.net/.well-known/acme-c
hallenge/zJi5SEjDbXtH3qaiD8tOt54_LHMnZsBrNf7l2iK4oKE
[EROR] Authorization result: invalid
[EROR] NullReferenceException: La référence d’objet n’est pas définie à une instance
d’un objet.
[EROR] Renewal for targettec.ddns.net failed, will retry on next run

Any idea ?


#5

You may have a redirection that is messing with the http get:

wget http://targettec.ddns.net/.well-known/acme-challenge/test.txt
--2018-05-01 02:53:30-- http://targettec.ddns.net/.well-known/acme-challenge/test.txt
Resolving targettec.ddns.net (targettec.ddns.net)... 196.120.104.96
Connecting to targettec.ddns.net (targettec.ddns.net)|196.120.104.96|:80... connected.
HTTP request sent, awaiting response... 302 D\351plac\351 Temporairement
Location: https://targettec.ddns.net/.well-known/acme-challenge/test.txt [following]
--2018-05-01 02:53:30-- https://targettec.ddns.net/.well-known/acme-challenge/test.txt
Connecting to targettec.ddns.net (targettec.ddns.net)|196.120.104.96|:443... connected.
HTTP request sent, awaiting response... 404 Introuvable
2018-05-01 02:53:31 ERROR 404: Introuvable.

Please place a text.txt file in the challenge folder to test access from the Internet.
And also allow the http access to the challenge folder to bypass the redirection.
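
The exemption suggested in this reply, sketched as a self-contained local server and probe (an added example, not part of the original posts and not the poster's Tomcat or IIS configuration). The handler, the `probe` helper and the token content are constructed for illustration; everything runs on 127.0.0.1.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Constructed stand-in for the files in the challenge folder.
TOKENS = {"test.txt": b"reachable over plain HTTP\n"}


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path.startswith(CHALLENGE_PREFIX):
            # Exemption: answer on plain HTTP directly, no redirect.
            body = TOKENS.get(self.path[len(CHALLENGE_PREFIX):])
            if body is None:
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            # Every other path keeps the HTTP -> HTTPS redirect.
            host = self.headers.get("Host", "localhost").split(":")[0]
            self.send_response(302)
            self.send_header("Location", "https://" + host + self.path)
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def probe(port, path):
    """GET `path` without following redirects: (status, Location, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result


def run_demo():
    """Start the server on a free port and probe both kinds of path."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return probe(port, CHALLENGE_PREFIX + "test.txt"), probe(port, "/index.html")
    finally:
        server.shutdown()
        server.server_close()
```

`run_demo()` returns a 200 with the token body for the challenge path and a 302 with an `https://` Location for any other path, which is the behaviour the first `wget` request should show once the exemption is in place.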

