Too many invalid request

Hi guys !

I got problem when I tried to renew my certificate of my domain ddigital.fr on my Apache webserver
I got this message

Attempting to renew cert from /etc/letsencrypt/renewal/ddigital.fr.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: ddigital.fr. Skipping.

And when I checked crt.sh | ddigital.fr, I can see that certbot try to renew so many times my certificate...
I had crontab until end of July but I removed it when I learnt that certbot do it itself.

But, I still seeing soo many try and my certificate is invalid since end of July...

What can I do ?

Thanks for any help !

How were you configuring the crontab? It sounds like you were configuring it to always issue a new certificate.

You will probably need to look at the /etc/letsencrypt directory to find the a new certificate and use it, or wait until the rate limit expires to request a new one.

Hi !
Thanks for your answer !

My crontab command was
1 * * * 1 /usr/bin/certbot renew >> /home/dylan/certbot.log
So it was supposed to be launched every Monday but anyway if a certificate doesn’t need to be renewed it will be skipped isn’t ?

I check my directory and I found an old file like ddigital-0001.conf that was not used, even if don’t see it when I try to renew certificates. So I removed it

Is it certbot which try to renew my certificate every day ?
How can I reinstall valid certificate ? (without wait until reset of rates)

Thank you !

This means "Every hour, at one minute past the hour, on Mondays". That might not be exactly what you meant. Maybe you were thinking of "0 1 * * 1" instead?

Anyway, this is unlikely to be the root cause of the problem. But I'm not sure what you meant by "Certbot does it itself" — normally Certbot does it by having a crontab entry to run certbot renew, kind of like this one! On some operating systems the operating system package might use a systemd timer instead of crontab, but this is rather OS-specific.

Normally certbot renew should only try to renew certificates that are near expiry, so running it frequently should not cause the problem that you saw. Can you perhaps post the results of

certbot certificates

(to see which certificates you have managed by Certbot -- this will have changed as a result of your deleting the ddigital-0001.conf, though)

and

ls -l /var/log/letsencrypt

(to see how often Certbot is currently being run)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.