Since few weeks, i can’t renew few of my certs who have the same domain.
I have this message: “There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains”.
And when i check one of this, i see a lot of certs:
You didn’t give too much info but seems the renews follow a pattern (once on Tuesday, twice on Wednesday, twice on Thursday and once on Saturday) and so on… you shoud check if you have a task, cronjob, etc. in your server and review what the automated command does because it is not checking whether the certs need to be renewed, it is renewing them always.
Thanks for your reply. Indeed, I have a crontab every monday who try to renew all certs who gonna expires.
I just came to disable this cron. When i will be able to renew my certs ?
Wich info do you need ?
Have a nice day.
None of the certs you are showing in the screenshot have been renewed on Monday so, are you sure this is the only cron job running in your server? If it is, are you sure it is running only every Monday?.
You should already have your certs renewed. I don’t know if the certificates showed in the screenshot are for the same subset of domains but next Tuesday seems a good date to be able to renew them.
In my crontab i have:
0 0 * * 1 /scripts/renewCerts.sh >/dev/null 2> /var/log/cron.error.log
My script renew and send an email with the output of the script.
I use certbot, it’s can be him who try to renew ?
So you definitely must have something else trying to get these certificates. It’s interesting to see that the issuance events happen at about two different times of day, around 23:00 or 10:00 UTC. (The certificate notBefore date will be set to one hour prior to the true issuance time to reduce problems for clients that have their time set incorrectly.)
What kind of software runs on this machine? Are you using any sort software like Caddy or cPanel that might include its own certifical-renewal code?
@baptiste, according to my calculations, you should be able to renew already. Of course, it would be great to understand why the previous unintended renewals were happening and where those certificates were going.