Too many certificates already issued for: mcgill.ca


#1

My domain is: jobboard.scs.mcgill.ca

I ran this command: letsencrypt certonly --webroot -w webroot-path -d jobboard.scs.mcgill.ca -email devops@careerleaf.com --agree-tos --text -vvvvvv

It produced this output:
Connection: close

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error finalizing order :: too many certificates already issued for: mcgill.ca: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
Storing nonce: Odj_pY6sjrlix6lbojZeNXPQtbtgYX_ggL6IpBv63Ko
Exiting abnormally:
.
.
.
Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: mcgill.ca: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): nginx 1.4.6-1ubuntu3.8

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Looking at https://tools.letsdebug.net/cert-search?m=domain&q=mcgill.ca&d=168 gives “The Registered Domain (mcgill.ca) has used 23 of 50 weekly certificates.” Why am I not able to generate a certificate even though I have 27 more?


#2

@lestaff, can we increase the limits for McGill University? Should we ask for a rate limit request form to be filled out?


#3

Someone seems to be trying to issue a lot of certificates from a list in alphabetical order and running up against the rate limit repeatedly:

https://crt.sh/?Identity=%.mcgill.ca&iCAID=16418


#4

Okay. Will check and revert back to you.
Thank You.


#5

Yes and yes. We’ve adjusted rate limits for other academic institutions via the form.


#6

Can I try generating the certificate now?


#7

@Pankti, I think that @cpu’s reply means that you should ask someone from McGill’s IT department to fill out this form:

I don’t think the rate limit has been changed yet.


#8

That’s correct. Sorry, my terse reply left that more ambiguous than it needed to be.


#9

Cool. Will ask McGill to fill out the form. Thanks, guys.


#10

That website relies on the crt.sh CT database, which has unfortunately been backlogged recently, so it’s not counting most of the last few days of certificates.

If you use a different (and inevitably harder to use) tool, you’ll find many more certificates. For example, this Censys search might work:

(If it works, it will show slightly too many certificates, starting at 2018-08-20 01:00:00 instead of precisely 1 week ago.)
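
Added example (not part of the thread, and not code from Let's Encrypt, crt.sh or the cert-search tool): a simplified model of the per-registered-domain weekly count, showing how a CT search index that lags behind issuance can report 23 of 50 while the full issuance history is already at the limit. The hostnames, timestamps, the 3-day lag and the function names are constructed assumptions, and every certificate is assumed to count once.

```python
from datetime import datetime, timedelta, timezone

WEEKLY_LIMIT = 50               # "50 weekly certificates" per registered domain (from the thread)
WINDOW = timedelta(hours=168)   # same 168-hour window as the cert-search link


def under_domain(name, registered_domain):
    """True if a certificate name is the registered domain or a subdomain of it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == registered_domain or name.endswith("." + registered_domain)


def count_in_window(certs, registered_domain, now):
    """Count certificates issued in the last 168 hours that cover the domain."""
    start = now - WINDOW
    return sum(
        1 for issued, names in certs
        if start < issued <= now
        and any(under_domain(n, registered_domain) for n in names)
    )


def visible_to_index(certs, now, index_lag):
    """Certificates a CT search index has ingested if it lags by index_lag."""
    return [c for c in certs if c[0] <= now - index_lag]


def build_sample(now):
    """Constructed issuance history; hostnames and times are made up."""
    certs = [(now - timedelta(days=4, hours=i), [f"svc{i:02d}.mcgill.ca"]) for i in range(23)]
    certs += [(now - timedelta(hours=1 + i), [f"app{i:02d}.mcgill.ca"]) for i in range(27)]
    certs.append((now - timedelta(days=10), ["old.mcgill.ca"]))      # outside the window
    certs.append((now - timedelta(days=5), ["www.notmcgill.ca"]))    # different domain
    return certs


def compare(now, index_lag):
    """Return (count seen by the lagging index, count over the full history)."""
    certs = build_sample(now)
    seen = count_in_window(visible_to_index(certs, now, index_lag), "mcgill.ca", now)
    actual = count_in_window(certs, "mcgill.ca", now)
    return seen, actual


if __name__ == "__main__":
    now = datetime(2018, 8, 27, 1, 0, tzinfo=timezone.utc)   # constructed "now"
    seen, actual = compare(now, timedelta(days=3))
    print(f"index shows {seen} of {WEEKLY_LIMIT}; full history shows {actual} of {WEEKLY_LIMIT}")
```

In practice the registered domain is derived from the Public Suffix List rather than passed in by hand as it is here.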

