Too many certificates already issued for my domain

SetamanJuly · January 30, 2019, 8:25pm

Hello there,
I’m new with this tool and I don’t know why I have this error: “too many certificates already issued for…”, I think is because I test many times install the certificate… So I dont know what to do now, please, can you help me? (I add some logs from /var/log/letsencrypt in the footer)

My domain is: h2683468.stratoserver.net

I ran this command: sudo certbot --apache

It produced this output: An unexpected error occurred:

There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: stratoserver.net: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): [Apache on Ubuntu 16.04 (xenial)]

The operating system my web server runs on is (include version):

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Thanks for your help.
Julian

–> Logs <–
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1094, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 351, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 283, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 862, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 716, in finalize_order
self._post(orderr.body.finalize, wrapped_csr)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 94, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1130, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1147, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 999, in _check_response
raise messages.Error.from_json(jobj)

JuergenAuer · January 30, 2019, 8:37pm

Hi @SetamanJuly

there are a lot of certificates created:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:stratoserver.net;issuer_uid:4428624498008853827&lu=cert_search

1416 active certificates (pre- and leaf-certificates).

Per domain are only 50 certificates / week possible - plus renews.

Do you have an own domain name, so you can use your webserver with your own name?

SetamanJuly · January 30, 2019, 8:54pm

Hi! Thanks for the reply.

I have a own domain: www.beerbikebarcelona.com but I have there some js that contains this: “http://www.h2683468.stratoserver.net/public…” so, that JS is blocked by the browser cause that calls are not a SSL connection, that was the reason of why I wanted apply the certificate here h2683468.stratoserver.net too.

Regards.

JuergenAuer · January 30, 2019, 9:01pm

But where is the webspace of this domain?

Is this the same webspace? If yes, you can change the links.

There are different people creating certificates with stratoserver.net as main domain. So it may be impossible to create a new certificate.

SetamanJuly · January 30, 2019, 9:11pm

Oh, I understand the problem now… Ok, I’ll install my api in other private domain and I think that will solve my problem.

Thanks a lot for your help!

JuergenAuer · January 30, 2019, 9:11pm

PS: Checked your domains ( beerbikebarcelona.com - Make your website better - DNS, redirects, mixed content, certificates ):

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
beerbikebarcelona.com	A	62.149.128.151	yes	1	0
	A	62.149.128.154	yes	1	0
	A	62.149.128.157	yes	1	0
	A	62.149.128.160	yes	1	0
	AAAA		yes
www.beerbikebarcelona.com	A	85.214.84.12	yes	1	0
	AAAA		yes

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
h2683468.stratoserver.net	A	85.214.84.12	yes	1	0
	AAAA		yes
www.h2683468.stratoserver.net	A	85.214.84.12	yes	1	0
	AAAA		yes

So your www.beerbikebarcelona.com has the same ip address as your stratoserver.

So it should be possible to load these things directly. Or create a subdomain images.beerbikebarcelona.com

PS: And your www has already a working certificate. You are the domain owner, so nobody else can create a certificate, so there isn't this rate limit problem.

SetamanJuly · January 30, 2019, 9:17pm

You’re totally right! That will solve my problem!

Thanks a lot and regards!

rg305 · January 31, 2019, 4:55am

If all else fails…
And as a very temporary workaround…
[while you figure out how to secure it properly]

You could probably proxy to that remote http content through your secured https site.
So that
https://www.beerbikebarcelona.com/something-unique/{content}
gets
http://www.h2683468.stratoserver.net/public/{content}

[kids don’t try this at home - creates a false sense of encryption/security]

system · March 2, 2019, 4:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.