Too many certificates already issued for: mcgill.ca

My domain is: jobboard.scs.mcgill.ca

I ran this command: letsencrypt certonly --webroot -w webroot-path -d jobboard.scs.mcgill.ca -email devops@careerleaf.com --agree-tos --text -vvvvvv

It produced this output:
Connection: close

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error finalizing order :: too many certificates already issued for: mcgill.ca: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
Storing nonce: Odj_pY6sjrlix6lbojZeNXPQtbtgYX_ggL6IpBv63Ko
Exiting abnormally:
.
.
.
Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: mcgill.ca: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): nginx 1.4.6-1ubuntu3.8

The operating system my web server runs on is (include version): Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Looking at https://tools.letsdebug.net/cert-search?m=domain&q=mcgill.ca&d=168 gives “The Registered Domain (mcgill.ca) has used 23 of 50 weekly certificates.” Why am I not able to generate though I have 27 more?

@lestaff, can we increase the limits for McGill University? Should we ask for a rate limit request form to be filled out?

Someone seems to be trying to issue a lot of certificates from a list in alphabetical order and running up against the rate limit repeatedly:

https://crt.sh/?Identity=%.mcgill.ca&iCAID=16418

Okay. Will check and revert back to you.
Thank You.

Yes and yes :slight_smile: We've adjusted rate limits for other academic institutions via the form.

Can I try generating the certificate now?

@Pankti, I think that @cpu’s reply means that you should ask someone from McGill’s IT department to fill out this form:

I don’t think the rate limit has been changed yet.


That's correct. Sorry, my terse reply left that more ambiguous than it needed to be.

Cool. Will ask McGill to fill out the form. Thanks, guys.

That website relies on the crt.sh CT database, which has unfortunately been backlogged recently, so it's not counting most of the last few days of certificates.

If you use a different (and inevitably harder to use) tool, you'll find many more certificates. For example, this Censys search might work:

https://www.censys.io/certificates?q=((parsed.issuer.organization.raw%3A+"Let's+Encrypt")+AND+parsed.names%3A+"mcgill.ca")+AND+parsed.validity.start%3A+[2018-08-20+TO+*]

(If it works, it will show slightly too many certificates, starting at 2018-08-20 01:00:00 instead of precisely 1 week ago.)

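Added example, not part of the original thread or any poster's code: a sketch of the sliding 7-day count per registered domain, showing how a CT index that lags by a few days can report 23 of 50 while the complete view is already at the limit. The records, host names, dates and the `indexed_until` parameter are constructed for illustration, and the subdomain match assumes the registered domain is already known rather than derived from the Public Suffix List.

```python
from datetime import datetime, timedelta, timezone

WEEKLY_LIMIT = 50            # per-registered-domain figure quoted in the thread
WINDOW = timedelta(days=7)   # sliding window, not a calendar week


def under_domain(name, registered):
    """True if name is the registered domain or a subdomain of it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == registered or name.endswith("." + registered)


def count_in_window(records, registered, now, indexed_until=None):
    """Count certificates with a name under `registered` issued in the last 7 days.

    records: iterable of (not_before, [dns_names]).
    indexed_until: models a backlogged CT index that has ingested nothing newer.
    """
    start = now - WINDOW
    count = 0
    for not_before, names in records:
        if indexed_until is not None and not_before > indexed_until:
            continue  # the lagging index has not seen this certificate yet
        if start < not_before <= now and any(under_domain(n, registered) for n in names):
            count += 1
    return count


# Constructed sample data (not real CT entries).
NOW = datetime(2018, 8, 27, 12, 0, tzinfo=timezone.utc)
RECORDS = [(NOW - timedelta(days=3, hours=1 + i), [f"host{i:02d}.mcgill.ca"]) for i in range(23)]
RECORDS += [(NOW - timedelta(hours=1 + 2 * i), [f"host{23 + i:02d}.mcgill.ca"]) for i in range(27)]
RECORDS.append((NOW - timedelta(days=8), ["old.mcgill.ca"]))          # outside the window
RECORDS.append((NOW - timedelta(days=1), ["mcgill.ca.example.org"]))  # different registered domain

if __name__ == "__main__":
    lagging = count_in_window(RECORDS, "mcgill.ca", NOW, indexed_until=NOW - timedelta(days=3))
    complete = count_in_window(RECORDS, "mcgill.ca", NOW)
    print(f"lagging index : {lagging} of {WEEKLY_LIMIT}")
    print(f"complete view : {complete} of {WEEKLY_LIMIT}, {WEEKLY_LIMIT - complete} left")
```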
