Too many certificates already issued for exact set of domains: example.com

Hello,

I overcame one error, now I get this:

Error: Let’s Encrypt SSL certificate installation failed:
Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-cert: Error creating new cert :: too many certificates already issued for exact set of domains: example.com. Type: urn:acme:error:rateLimited.

I have been reading on the forums, is it true that I have to wait for a week or so and try to renew it again? I can’t lose too much time without the https cert as for payments and privacy concerns.

Please advise,
Regards,
Dan

Yes, this error means you already were issued the maximum number of identical certificates in the last 168 hours (7 days). If you still have the certificates and their keys, you should use one of those. If you have repeatedly screwed up, deleting the files or whatever, then you have to wait.

Usually this will happen because you were trying to test something, but used the production system. The production Let’s Encrypt system is not for testing things, read about their staging environment (which doesn’t issue “real” trusted certificates) for that.

You might not have to wait for one week. It depends on how the certificates were requested. If you have requested all today, then you will have to wait one week. If it was over several days, then not. The rate limit is using a sliding window.

If you’ve hit a rate limit, we don’t have a way to temporarily reset it. You’ll need to wait until the rate limit expires after a week. We use a sliding window, so if you issued 10 certificates on Monday and 10 more certificates on Friday, you’ll be able to issue again starting Monday. You can get a list of certificates issued for your registered domain by searching on crt.sh, which uses the public Certificate Transparency logs.

From

Also, you can bypass that rate limit by adding a new subdomain or other domain to your next certificate request.

Why can’t you use one of the other 5 certificates, though?

Do you mean that if I hit a rate limit for example.com I can request a new certificate for example.com if I included this domain with a certificate request for example.org?

I think you mean this?

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.

This is true for the rate limit that you hit ("too many certificates already issued for exact set of domains"). There are other rate limits for which this is not true, but you haven't apparently hit that one so far.

Also an appropriate question since those certificates were recently issued successfully—if they weren't deleted somehow, it should be possible to use them.
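
The duplicate-certificate rule and sliding window described in the replies above, worked through as an added example (not part of the original thread and not Let's Encrypt's own code). The issuance history, dates and function names are constructed for illustration, and the exact handling of the window boundary is an assumption.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=168)  # 7-day sliding window, as stated in the thread
LIMIT = 5                      # duplicate certificates allowed per window

def name_set(names):
    """Duplicates are compared ignoring capitalization and ordering."""
    return frozenset(n.strip().lower() for n in names)

def duplicates_in_window(history, names, now):
    """Issuance times inside the window for the exact same set of names."""
    wanted = name_set(names)
    return sorted(t for t, issued in history
                  if name_set(issued) == wanted and now - WINDOW < t <= now)

def next_allowed(history, names, now):
    """Return `now` if a request would pass, else the time a slot frees up."""
    hits = duplicates_in_window(history, names, now)
    if len(hits) < LIMIT:
        return now
    # A slot frees once the LIMIT-th most recent issuance leaves the window.
    return hits[-LIMIT] + WINDOW

# Constructed issuance history, e.g. as collected from a crt.sh search.
HISTORY = [
    (datetime(2017, 5, 1, 9, 0), ["example.com", "www.example.com"]),
    (datetime(2017, 5, 1, 9, 30), ["www.example.com", "EXAMPLE.com"]),
    (datetime(2017, 5, 3, 14, 0), ["example.com", "www.example.com"]),
    (datetime(2017, 5, 5, 8, 0), ["example.com", "www.example.com"]),
    (datetime(2017, 5, 5, 8, 10), ["Example.com", "www.example.com"]),
    (datetime(2017, 5, 5, 8, 20),
     ["example.com", "www.example.com", "blog.example.com"]),
]
NOW = datetime(2017, 5, 5, 12, 0)  # constructed "current time"

if __name__ == "__main__":
    same = ["example.com", "www.example.com"]
    changed = same + ["blog.example.com"]
    print("in window:", len(duplicates_in_window(HISTORY, same, NOW)))
    print("same set allowed at:", next_allowed(HISTORY, same, NOW))
    print("changed set allowed at:", next_allowed(HISTORY, changed, NOW))
```

With this history the identical name set becomes available again on 8 May at 09:00, seven days after the oldest issuance in the window rather than seven days after the failed request, while the set that includes blog.example.com is not blocked by this limit.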
