Too many certificates already issued for exact set of domains: elchurch.com.br,www.elchurch.com.br

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: elchurch.com.br

I ran this command: certbot-auto certonly --standalone -d elchurch.com.br -d www.elchurch.com.br

It produced this output:

root@server:~# certbot-auto certonly --standalone -d elchurch.com.br -d www.elchurch.com.br
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for elchurch.com.br
tls-sni-01 challenge for www.elchurch.com.br
Waiting for verification...
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: elchurch.com.br,www.elchurch.com.br
Please see the logfiles in /var/log/letsencrypt for more details.
root@server:~#

My web server is (include version):

It is vestacp server. nginx front end, apache back end. But i just stopped nginx and run certbot-auto in standalone. I tested with another domain too, that did work as you can see from

The problem is for this domain specifically.

The operating system my web server runs on is (include version):

Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is:

DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I am generating SSL from command line.

EDIT

From googling and some reading similar posts i found Cert for this domain is already issued before, so i checked the site

https://crt.sh/?q=%.elchurch.com.br

It shows 5 SSLs. But for some reason i don’t get them activated or stored in my /etc/letsencrypt/live folder.

The rate limit is for successful SSL issuing or for SSL request ?

Hi @HostOnNet,

It looks like this is right:

https://crt.sh/?Identity=%elchurch.com.br&iCAID=16418
https://letsencrypt.org/docs/rate-limits/

Do you know how these certificates all got created?

I am not sure how these get created.

When i try, it fail with some errors, my letsencrypt folder is empty too. It can be some one else did this before me, i am not sure.

root@server:/etc/letsencrypt/live# ll
total 12
drwx------ 3 root root 4096 Nov 21 01:57 ./
drwxr-xr-x 9 root root 4096 Nov 21 01:57 ../
drwxr-xr-x 2 root root 4096 Nov 21 01:57 vesta.webhostingneeds.com/
root@server:/etc/letsencrypt/live# pwd
/etc/letsencrypt/live
root@server:/etc/letsencrypt/live# 

From that site, these SSL listed are successful issue of SSL or just request ?

Those are all successful issuances. There’s a different error for failed issuance, and those don’t show up in the CT logs.

Thanks for the reply. Look like i have to wait for 7 days to get the rate limit removed.

5 certs have been issued in the last two days…
I would try finding them:
certbot-auto certificates

Thanks, this is a new server, look like this was done on previous server

root@server:~# certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: vesta.webhostingneeds.com
    Domains: vesta.webhostingneeds.com
    Expiry Date: 2018-02-19 02:57:36+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/vesta.webhostingneeds.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/vesta.webhostingneeds.com/privkey.pem
-------------------------------------------------------------------------------
root@server:~#

You can also issue sooner if you choose to add an additional subdomain to the certificate (because then it’s no longer the “exact set of domains”).

The command you ran produced the output expected, if the files are there you simply need to use them:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.