Too many certificates already issued for exact set of domains

While working on a helm continuous integration workflow for EKS, I accidentally provisioned too many certificates when testing fresh installs + upgrades as I was deleting namespaces before doing fresh installs. I’m now getting the error:

Failed to create Order: acme: urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates already issued for exact set of domains: see

When I check the rate limits though on my 7 day issuance count is only at 34, so it’s not clear why I’m seeing this.

Using Alpine 3.10, Helm 3.0.2, jetstack/cert-manager .12.0

1 Like

It's a different rate limit - 5 per week for an exact duplicate set of domains:

Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week. Note: renewals used to count against your Certificate per Registered Domain limit until March 2019, but they don’t anymore.

A certificate is considered a renewal (or a duplicate) of an earlier certificate if it contains the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [ , ], you could request four more certificates for [ , ] during the week. If you changed the set of hostnames by adding [ ], you would be able to request additional certificates.

Since the private keys for your duplicate certificates are destroyed, your choices are either to wait ~32 hours or issue a certificate with a different set of domains.

Edit: you can more clearly see the duplicate certificate rate limit in effect here: letsdebug-toolkit


Thank you that’s really helpful. It looks like as a stop-gap measure I can simply swap out “stage” for “staging” as to get around the 5/5 limit while still being under the limit quota


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.