Too many SSLs issued to a domain?


#1

Is there any way to reissue an SSL certificate for my domain? Basically I was having server issues at Siteground and must have installed the SSL more than 5 times in an attempt to resolve an issue. The site is now stable but I need to secure it before site release to the client.

Thanks


#2

To add more clarity to my request, it states 5 have already been used. This is done through the Siteground Cpanel.


#3

Also where can I see when the SSL will be able to reinstalled? Thanks again!


#4

There’s a rate limit of 5 certificates per 7 days per domain. It’s a rolling window of 7 days, so if you issued all certificates today, you’ll have to wait exactly 7 days. You can use https://crt.sh/ to check how many certificates for your domain were issued recently.

There’s no way to bypass or reset the limit.


#5

Thank you for the information and link. The link is actually showing only 4 certs issued so working with siteground now to resolve.


#6

Weird I am being told the Let’sEncrypt servers are not allowing another SSL to be installed, by I am at only 4 installed this week… IS there an area for more in depth support? Thanks.


#7

Are there any subdomains you aren’t counting ?

Are you happy to provide your domain name ?


#8

It’s a client domain so want that to remain private, sorry. No subdomains at all. Is there some way to speak with a support member, I know this is opensource so forums may be the only contact method. Thanks for the reply too.


#9

You could private message one of the staff, but I think that’s the only option

If you check https://crt.sh/?Identity=%yourdomain&iCAID=7395 (including the % ) does that still show only 4 certs ?


#10

OH ok thanks I am seeing 5 now not 4. Thank you.

The first SSL was installed 2016-02-12, does that mean in a couple days a new SSL spot will open up?


#11

Yes, on the 19th … a few mins after whatever time it was on the 12th.


#12

Great news thank you.


#13

is there a way to retrieve an SSL that was already issued?


#14

If you haven’t kept a copy, then I don’t believe so, no.


#15

Dang ok, I used the siteground auto installer so I will see if they keep a log


#16

You can get all of your previous certificates from the Certificate Transparency system. If you find them in crt.sh, you can download them directly. Just click on the “Certificate” (or “ASN.1”) link.

Of course, you’ll also need your corresponding private key, which crt.sh doesn’t have. (Our Python client makes a new private key for each certificate; I don’t know if Siteground’s installer does the same.)


#17

The LE folks need to add a way to revoke certificates so that new certs can be issued or increase the limit. This limit of 5 is getting very annoying.


#18

It’s still in beta and the document why it’s limited. It’s not ideal but come on be grateful they are even offering this service.


#19

I am grateful, but this is probably the number one complaint folks have about LE. 5 is too restrictive and doesn’t allow enough grace for those who are just getting started with LE and screw up a few certs. At the very least, a slightly more reasonable limit like 20 might alleviate a lot of the issues folks have when first getting started.


#20

In addition to the reply posted by @hanlonhart, I’d mention that the reason why revoking a cert doesn’t restore your limit is because the current limits are not there to restrict the number of active certificates, rather the number of issued certificate to make sure that the resources available are properly distributed among all the users.

You use LE issuance resources when you request a certificate, not depending on the state of the certificate itself. They are rate-limiting issuance.

And then someone will come, and say that for him the best limit is 25 because he needs 21. It’s a never ending story: whenever there is a limit, there will always be someone who think he deserves a larger limit.