Too many SSLs issued to a domain?

There’s a rate limit of 5 certificates per 7 days per domain. It’s a rolling window of 7 days, so if you issued all certificates today, you’ll have to wait exactly 7 days. You can use https://crt.sh/ to check how many certificates for your domain were issued recently.

There’s no way to bypass or reset the limit.

Thank you for the information and link. The link is actually showing only 4 certs issued so working with siteground now to resolve.

Weird I am being told the Let’sEncrypt servers are not allowing another SSL to be installed, by I am at only 4 installed this week… IS there an area for more in depth support? Thanks.

Are there any subdomains you aren’t counting ?

Are you happy to provide your domain name ?

It’s a client domain so want that to remain private, sorry. No subdomains at all. Is there some way to speak with a support member, I know this is opensource so forums may be the only contact method. Thanks for the reply too.

You could private message one of the staff, but I think that’s the only option

If you check https://crt.sh/?Identity=%yourdomain&iCAID=7395 (including the % ) does that still show only 4 certs ?

OH ok thanks I am seeing 5 now not 4. Thank you.

The first SSL was installed 2016-02-12, does that mean in a couple days a new SSL spot will open up?

Yes, on the 19th … a few mins after whatever time it was on the 12th.

Great news thank you.

is there a way to retrieve an SSL that was already issued?

If you haven’t kept a copy, then I don’t believe so, no.

Dang ok, I used the siteground auto installer so I will see if they keep a log

You can get all of your previous certificates from the Certificate Transparency system. If you find them in crt.sh, you can download them directly. Just click on the “Certificate” (or “ASN.1”) link.

Of course, you’ll also need your corresponding private key, which crt.sh doesn’t have. (Our Python client makes a new private key for each certificate; I don’t know if Siteground’s installer does the same.)

1 Like

The LE folks need to add a way to revoke certificates so that new certs can be issued or increase the limit. This limit of 5 is getting very annoying.

It’s still in beta and the document why it’s limited. It’s not ideal but come on be grateful they are even offering this service.

1 Like

I am grateful, but this is probably the number one complaint folks have about LE. 5 is too restrictive and doesn’t allow enough grace for those who are just getting started with LE and screw up a few certs. At the very least, a slightly more reasonable limit like 20 might alleviate a lot of the issues folks have when first getting started.

In addition to the reply posted by @hanlonhart, I'd mention that the reason why revoking a cert doesn't restore your limit is because the current limits are not there to restrict the number of active certificates, rather the number of issued certificate to make sure that the resources available are properly distributed among all the users.

You use LE issuance resources when you request a certificate, not depending on the state of the certificate itself. They are rate-limiting issuance.

And then someone will come, and say that for him the best limit is 25 because he needs 21. It's a never ending story: whenever there is a limit, there will always be someone who think he deserves a larger limit.

Please see:

Not sure my reply to this went through, probably user error :expressionless:

In repy to my issue with deleting my SSL’s from Siteground server using the Cpanel bc/ of an unknown issue, and how to find the CRT and Private keys since you never actually see them using the automated Siteground installer.

Site ground has a .ssl hidden folder at the root that has a certificate folder and a private key folder. You can then use the SSL Manager and install it manually by copying and pasting into the Certificate Textarea and then the Private key into the Private Key textarea. Thanks man this got me pointed in the right direction and resolved my issue. Site is now secure.

If I followed correctly, the limiting factor is oscp signing every 4 days for every valid certs. As revoking a cert only needs one ocsp signing, period, it could actually raise the limit.