I work on Geoserver application running on Tomcat 9. First, when I got certificate, it doesn't work so i delete it, and now when i try to get new one it says
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *************.hr, retry after 2022-08-09T19:55:02Z: see Duplicate Certificate Limit - Let's Encrypt
Problem is, when i try to get new one, after the time it says, try after other date and so on ...
Hi @josip27, and welcome to the LE community forum
Your "process" is flawed:
Stop deleting the certs.
Once you have one, you just need to use it properly.
I agree with rg305 that your process is wrong and tomcat is likely the problem.
Just note that Tomcat 9 supports pem files directly so you don't need to convert them to p12. Also see this topic
Thanks for answer, but i made everything what is written in article, sudo certbot ..., copy files into tomcat/conf, set permissions, and add files into server.xml and then restart tomcat and says 'refused to connect'. I valide it with correct port ...
We know you have Tomcat 9 but can you complete the rest of the info? Thanks
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
domain name: geoserver8.sgis.hr
I delete all certificate so my output now is only: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *************.hr, retry after 2022-08-09T19:55:02Z: see Duplicate Certificate Limit - Let's Encrypt
Operating system: Ubuntu 22.04 x64
Im using control panel, and version of certbot is certbot 1.21.0.
Now tomcat works normally on http, port 8080
There was no reason to delete your certificates. You don't have a problem getting certs in fact you got too many. You need to focus on why your server is not configured to use them properly.
Your cert history can be seen here:
Your error message saying "retry after 2022-08-09T19:55" seems wrong for that domain name. You will not be able to get a new cert with just that domain name until after Aug13 at 10:31 UTC. This is 7 days (168 hours) from your most recent fifth cert.
What was the exact command that showed you that error message? Is that done inside the panel you describe? What panel is that?
I can see your server using HTTP on port 8080 like you say. But, what port are you using for httpS connections to your server? Port 443 is blocked probably by some sort of firewall.
i ran command 'sudo certbot certonly --standalone -d geoserver8.sgis.hr'. It's done inside the panel as root.
I'm using 443 port, but i allowed it on firewall.
Thank you for answers, i will try to configure server properly.
The last, is there chance to get old certificate or i need to wait till Aug13 to get new one?
I don't see it open. This is port test and also a curl (data) request times out.
nmap geoserver8.sgis.hr -Pn -p80,443,8080
PORT STATE SERVICE
80/tcp filtered http
443/tcp filtered https
8080/tcp open http-proxy
curl -i -m10 https://geoserver8.sgis.hr
curl: (28) Connection timed out after 10001 milliseconds
The Rate Limit link in the error message shows a page with a work-around. You can also get a previous cert from the public crt log. But, you need the matching private key for that cert for it to work. If you deleted your "cert" you probably also deleted its matched private key but if you do have that I can describe how to get from crt.sh.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.