Unable to renew cert due to rate limits


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: edart.adslearning.com

I ran this command:
Attempting to renew cert (edart.adslearning.com) from /etc/letsencrypt/renewal/edart.adslearning.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: edart.adslearning.com: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/edart.adslearning.com/fullchain.pem (failure)
It produced this output:

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version): linux amazon

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


Rate limit issue
#2

Hi @ganeshghube

you have 10 certificates with the same domain name created 2018-09-30.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:edart.adslearning.com&lu=cert_search

Why don’t you use one of these certificates?

Please use

certbot certificates

to show your certificates.

Then share your apache-ssl-configuration.

There is a wrong self signed certificate CN=ip-192-168-0-100. That must be replaced.


#3

Thanks, Actually cert renew every month but even after auto renewal it shows expired,
Dont know why it wont worked after apache restart. When ssl disabled and enabled and restarted httpd service it worked… This issue actually does not make sense to me…

Thanks for your help…


#4

Perhaps you have more then one certificate. So please show the output of

certbot certificates

There may be more then one certificate. So you should check which certificate is used, then use

certbot delete [certificate-name]

to cleanup.

And: The normal renew is after 60 days, not every month.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.