Too many certificates already issued for my domain


#1

Hello there,
I’m new with this tool and I don’t know why I have this error: “too many certificates already issued for…”, I think is because I test many times install the certificate… So I dont know what to do now, please, can you help me? (I add some logs from /var/log/letsencrypt in the footer)

My domain is: h2683468.stratoserver.net

I ran this command: sudo certbot --apache

It produced this output: An unexpected error occurred:

There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for: stratoserver.net: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): [Apache on Ubuntu 16.04 (xenial)]

The operating system my web server runs on is (include version):

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Thanks for your help.
Julian

–> Logs <–
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1094, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 351, in obtain_certificate
cert, chain = self.obtain_certificate_from_csr(csr, orderr)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 283, in obtain_certificate_from_csr
orderr = self.acme.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 862, in finalize_order
return self.client.finalize_order(orderr, deadline)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 716, in finalize_order
self._post(orderr.body.finalize, wrapped_csr)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 94, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1130, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1147, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 999, in _check_response
raise messages.Error.from_json(jobj)


#2

Hi @SetamanJuly

there are a lot of certificates created:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:true;domain:stratoserver.net;issuer_uid:4428624498008853827&lu=cert_search

1416 active certificates (pre- and leaf-certificates).

Per domain are only 50 certificates / week possible - plus renews.

Do you have an own domain name, so you can use your webserver with your own name?


#3

Hi! Thanks for the reply.

I have a own domain: www.beerbikebarcelona.com but I have there some js that contains this: “http://www.h2683468.stratoserver.net/public…” so, that JS is blocked by the browser cause that calls are not a SSL connection, that was the reason of why I wanted apply the certificate here h2683468.stratoserver.net too.

Regards.


#4

But where is the webspace of this domain?

Is this the same webspace? If yes, you can change the links.

There are different people creating certificates with stratoserver.net as main domain. So it may be impossible to create a new certificate.


#5

Oh, I understand the problem now… Ok, I’ll install my api in other private domain and I think that will solve my problem.

Thanks a lot for your help!


#6

PS: Checked your domains ( https://check-your-website.server-daten.de/?q=beerbikebarcelona.com ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
beerbikebarcelona.com A 62.149.128.151 yes 1 0
A 62.149.128.154 yes 1 0
A 62.149.128.157 yes 1 0
A 62.149.128.160 yes 1 0
AAAA yes
www.beerbikebarcelona.com A 85.214.84.12 yes 1 0
AAAA yes
Host T IP-Address is auth. ∑ Queries ∑ Timeout
h2683468.stratoserver.net A 85.214.84.12 yes 1 0
AAAA yes
www.h2683468.stratoserver.net A 85.214.84.12 yes 1 0
AAAA yes

So your www.beerbikebarcelona.com has the same ip address as your stratoserver.

So it should be possible to load these things directly. Or create a subdomain images.beerbikebarcelona.com

PS: And your www has already a working certificate. You are the domain owner, so nobody else can create a certificate, so there isn’t this rate limit problem.


#7

You’re totally right! That will solve my problem!

Thanks a lot and regards!


#8

If all else fails…
And as a very temporary workaround…
[while you figure out how to secure it properly]

You could probably proxy to that remote http content through your secured https site.
So that
https://www.beerbikebarcelona.com/something-unique/{content}
gets
http://www.h2683468.stratoserver.net/public/{content}

[kids don’t try this at home - creates a false sense of encryption/security]