Too many Certs already issued


#1

Please fill out the fields below so we can help you better.

My domain is: mail.aperturegroup.co; mail.theaperturegroup.co; amelia.frederickflightcenter.com

I ran this command: Attempted automatic certificate provisioning via MailInABox

It produced this output: Something unexpected went wrong: Error creating new cert :: Too many certificates already issued for exact set of domains: amelia.frederickflightcenter.com,mail.aperturegroup.co,mail.theaperturegroup.co

My operating system is (include version): Ubuntu 14.04

My web server is (include version): Nginx

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Let’s Encrypt rate limits:

https://letsencrypt.org/docs/rate-limits/

Certificates issued for exact set of domains in the last 48 hours: 5.

https://crt.sh/?q=mail.aperturegroup.co

For now, you can “cheat” that rate limit by – and i know this is unintuitive – adding a fourth, useless name to any new certificates. ("www.aperturegroup.co", “i-love-rate-limits.theaperturegroup.co”, whatever, as long as it’s valid.)

You may still run into the other rate limits, though.

More importantly, why are you issuing so many identical certificates? Is something going wrong with your software? Or maybe you should use a different architecture?


#3

Truth is I’m not trying to issue multiple certificates. I’m running an email server on mailinabox.email which has an integrated and automated certificate provisioning tool that works via Letsencrypt - I suspect it is running the autocert-bot behind the scenes but I’m not certain. The certificates for this server expire in about a week now, starting 14 days ahead the system is supposed to replace them with new ones. Each attempt (one every 24 hours) has failed with this error and I don’t understand why unless the system is requesting them far more often than it indicates. I realize my problem may be as much about the mailinabox system as it is about letsencrypt, but I use this email server in 3 locations and this is the first issue with the provisioning - the others are working just fine.


#4

This definitely looks like an issue with Mail-in-a-Box. It’s probably running into a problem after renewal where it fails to store the new certificate (or something like that), and this causes the renewal to be attempted again and again whenever the next cron run occurs. According to crt.sh, you should be able to issue certificates today. I’d say try to renew again and look for relevant logs in /var/log/syslog.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.