An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: mydomain.com
Please see the logfiles in /var/log/letsencrypt for more details.
Yes, you're correct: by using multiple -d switches, you'll get one certificate with multiple domains. I believe the first -d switch will be the CommonName (CN) domain. And all domains are added to the SAN list. But even so, if you've hit the rate limit, that limit doesn't suddenly vanish
Perhaps you can experiment first by using the --server https://acme-staging.api.letsencrypt.org/directory option. That way you can try the client and receive certificates (which won't work online, 'cause they'll be signed by some "Happy hacker" CA in stead of Let's Encrypt Intermediate X1) and the staging server doesn't have such strict rate limits.
Thank you for reply, all three of you!
I did not know that there are rate limits, I can add multiple sub-domain to one domain and the revocation can not remove the rate limit.
I tried “./letsencrypt-auto certonly --renew-by-default --standalone -d www.mydomain.com -d mydomain.com -d mail.mydomain.com --debug” but it shows the same error… looks like I have still the rate limit.
Maybe I have to wait for a week…
Am I able to recreate revoked certificate?
This is a bit problematic because koding.io right now is blocked:
Error creating new cert :: Too many certificates already issued for: koding.io
So pretty much no one using koding.io at the moment is able to create new a certificate until this lets up, even though none of us actually “own” koding.io but are restricted to our subdomains (i.e. user54321.koding.io).
Yes please give us more certificates per day. I am writing an howto for hiawatha server as reverse proxy and alas after testing 5 times hit the limit.
I had just deleted the /etc/letsencrypt/renewal and live dir because I had errors and BAM hit the limit.
If you can change your DNS through an API, then you can use the DNS challenge ( as that just uses DNS and doesn’t need to do anything on each server). Alternatively use getssl which is a bash script written for automating certs on remote servers ( as long as you have SSH access to the various remote servers using keys ) getssl will also perform the DNS challenge method if you wanted to do it that way.
I have what I assume will be a common use case. I have VMs in Azure that I am attempting to make certs for, when the rate limit is calculated it apparently uses the top level domain e.g. Azure.com, and not my sub-domain of the machines in my subscription. IMHO this is a bug…
Submit-ACMECertificate : Error creating new cert :: Too many certificates already issued for: azure.com
At line:1 char:2
+ Submit-ACMECertificate cert01
+ CategoryInfo : ResourceBusy: (ACMESharp.Vault.Model.CertificateInfo:CertificateInfo) [Submit-ACMECertif
+ FullyQualifiedErrorId : urn:acme:error:rateLimited (429),ACMESharp.POSH.SubmitCertificate
Is there a work-around for this use case? I assume this will happen in AWS and GOOGLE clouds too.