Too many requests

Hello there,

I work on Geoserver application running on Tomcat 9. First, when I got certificate, it doesn't work so i delete it, and now when i try to get new one it says

There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *************.hr, retry after 2022-08-09T19:55:02Z: see Duplicate Certificate Limit - Let's Encrypt

Problem is, when i try to get new one, after the time it says, try after other date and so on ...

Thanks,
Josip

1 Like

Hi @josip27, and welcome to the LE community forum :slight_smile:

Your "process" is flawed:

Stop deleting the certs.

Once you have one, you just need to use it properly.

6 Likes

Try:

6 Likes

I agree with rg305 that your process is wrong and tomcat is likely the problem.

Just note that Tomcat 9 supports pem files directly so you don't need to convert them to p12. Also see this topic

4 Likes

Thanks for answer, but i made everything what is written in article, sudo certbot ..., copy files into tomcat/conf, set permissions, and add files into server.xml and then restart tomcat and says 'refused to connect'. I valide it with correct port ...

We know you have Tomcat 9 but can you complete the rest of the info? Thanks

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version):

4 Likes

domain name: geoserver8.sgis.hr

I delete all certificate so my output now is only: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *************.hr, retry after 2022-08-09T19:55:02Z: see Duplicate Certificate Limit - Let's Encrypt

Operating system: Ubuntu 22.04 x64
Im using control panel, and version of certbot is certbot 1.21.0.
Now tomcat works normally on http, port 8080

There was no reason to delete your certificates. You don't have a problem getting certs in fact you got too many. You need to focus on why your server is not configured to use them properly.

Your cert history can be seen here:
https://tools.letsdebug.net/cert-search?m=domain&q=geoserver8.sgis.hr&d=2160

Your error message saying "retry after 2022-08-09T19:55" seems wrong for that domain name. You will not be able to get a new cert with just that domain name until after Aug13 at 10:31 UTC. This is 7 days (168 hours) from your most recent fifth cert.

What was the exact command that showed you that error message? Is that done inside the panel you describe? What panel is that?

I can see your server using HTTP on port 8080 like you say. But, what port are you using for httpS connections to your server? Port 443 is blocked probably by some sort of firewall.

3 Likes

i ran command 'sudo certbot certonly --standalone -d geoserver8.sgis.hr'. It's done inside the panel as root.

I'm using 443 port, but i allowed it on firewall.

Thank you for answers, i will try to configure server properly.

The last, is there chance to get old certificate or i need to wait till Aug13 to get new one?

1 Like

I don't see it open. This is port test and also a curl (data) request times out.

nmap geoserver8.sgis.hr -Pn -p80,443,8080
PORT     STATE    SERVICE
80/tcp   filtered http
443/tcp  filtered https
8080/tcp open     http-proxy

curl -i -m10 https://geoserver8.sgis.hr
curl: (28) Connection timed out after 10001 milliseconds

The Rate Limit link in the error message shows a page with a work-around. You can also get a previous cert from the public crt log. But, you need the matching private key for that cert for it to work. If you deleted your "cert" you probably also deleted its matched private key but if you do have that I can describe how to get from crt.sh.

4 Likes

Thank you so much!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.