Too many certificates already issued for exact set of domains

My domain is: onlinebooking.lifefitnesscenter.gr

I ran this command:

It produced this output:

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine yes

I’m using a control panel to manage my site : ispconfig 3

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I ended up with 2 accounts on my server, so ispconfig does not know which one to use, so it does not issue new certificates.

Trying to renew the one for

onlinebooking.lifefitnesscenter.gr

i ended up with this error

too many certificates already issued for exact set of domains.

Is there a way to retrieve one of the certificates in order to import it manually to my server? I cannot wait till the time limit ends.

Please help…

No. You've issued five certs within the last week--why not use one of them?

I wish I knew WHERE are these in order to use them!

Hi @xtrgeo

do you really use Certbot, if you have an ISPConfig? That's bad, Ispconfig has an integrated solution you should use.

Check

How did you create these 5 certificates?

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
986411114 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-25 20:45:05 2019-09-23 20:45:05 onlinebooking.lifefitnesscenter.gr - 1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-07-02 18:35:06
986375555 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-25 20:11:10 2019-09-23 20:11:10 onlinebooking.lifefitnesscenter.gr - 1 entries duplicate nr. 4
986335162 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-25 19:31:04 2019-09-23 19:31:04 onlinebooking.lifefitnesscenter.gr - 1 entries duplicate nr. 3
986320794 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-25 19:17:04 2019-09-23 19:17:04 onlinebooking.lifefitnesscenter.gr - 1 entries duplicate nr. 2
986271905 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-06-25 18:35:06 2019-09-23 18:35:06 onlinebooking.lifefitnesscenter.gr - 1 entries duplicate nr. 1

Manual with Certbot?

If yes, what says

certbot certificates

You should see the 5 certificates, so import one with your ISPConfig.

certbot certificates presents only one certificate for this domain.

I do not generated the certificates manually with certbot from the command line, I use the specific checkmark inside ispconfig control panel.

If I click on the id of one of the certificates you mention above, it downloads certfile-certspotter-XXXXXXX.pem file. How can I use it in order to import it to my server?

1 Like

That's good.

Your domain uses a wrong certificate ( https://check-your-website.server-daten.de/?q=onlinebooking.lifefitnesscenter.gr ):

CN=elastika4u.gr
	28.05.2019
	26.08.2019
expires in 61 days	elastika4u.gr, www.elastika4u.gr - 2 entries

Is this your domain? The same ISPConfig?

If yes, ISPConfig has picked the wrong certificate.

So check your domain management to configure your domain with the correct certificate.

It's "only" a configuration problem inside of your ISPConfig.

If you have used ISPConfig to create the certificates, then you should have all you need.

I am very dissapointed. I cannot make it work. I do have a backup of the all server (all files etc) but after making several attempts to restore the files I get several error messages.

Can someone point me to the right direction please?

It is very frustrating not to be able to issue a new certificate for a domain if something goes wrong. How long I must wait?

1 Like

It is a rolling week period, so if you have figured out what you are doing wrong, you just need to wait until the weeks anniversary of the oldest one expires, you will be down to 4 and can re-authenticate a new one.

As a horrible workaround, you could in the meantime add an extra subdomain to the request in the subjectAltName, in which case the certificate won’t be identical to the previous 5 and it will issue.

1 Like

I don't know how ISPConfig works. But I don't think these certificates are deleted.

So you don't need to wait. Perhaps you should ask in a ISPConfig - forum.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.