Too many certificates already issued

Hi @BlitzkriegSoftware,

In this case, only the owner of the domain can make a request to treat it differently, so you can ask the Azure (or other) service operators if they’d like to do so.

I think it’s possible that some of the operators’ position is that they don’t want individual subscribers to get certificates for these names, since they expect subscribers to obtain their own distinctive domain names for public services that they offer, rather than using the infrastructure providers’ domain names.

Not quite. For amazonaws.com, you get "Error: urn:acme:error:rejectedIdentifier :: Policy forbids issuing for name". No certificates at all.

Hello.

We also have got the problem while issuing Let’s Encrypt SSL certificate for our customer’s subdomain on our shared server, the error occurs:

Error during certificate generation: acme error ‘rateLimited’: Error creating new cert :: too many certificates already issued for exact set of domains: blog.customoto.com,www.blog.customoto.com

Last time have tried to issue Let’s Encrypt SSL for blog.customoto.com - it has been issued for blog.customoto.com, but hasn’t been issued for www.blog.customoto.com due to above mentioned error.

We know about the limits per week - 20 per week, the matter is that our client had performed multiple attempts to issue SSL before, but had to re-add subdomain - so the SSL had to be re-issued again

My question is - is there any chance to reset this limits for domain from the server side, do we have to change any settings or run specific commands? Or should we wait till the end of the week in this case to be able to issue SSL for subdomain again? If it was issued last time today, at Tuesday - so we will be able to issue it again next Tuesday or earlier?

Hi @Hostpro1,

I don't believe that this is the ultimate reason for the error. Your customer has already issued many certificates for both blog.customoto.com and www.blog.customoto.com, not just one such certificate.

This is more symptomatic either of a bug, of a user who is using something like --force-renew inappropriately, or of a user testing against the live CA server.

The limit cannot be reset, so you'll have to wait. (Or maybe you could find one of the several previous certificates that were issued before that already cover both domains, and use that one? Have they all been deleted somehow?)

This limit will begin to expire 168 hours after May 22 03:17:00 UTC, which will be May 29 03:17:00 UTC. At that time, you could issue one more duplicative certificate.

Alternatively, if you issue a certificate that includes both of these names plus a third name, the CA will not regard it as duplicative because the names included are not identical, and then this particular rate limit won't apply (although other rate limits can apply, I think would probably not stop you from issuing one more certificate).

Thank you! Will pass it to our customer