Unable to renew cert (too many certificates already issued for exact set of domains)

Hello,
For a few weeks, I can't renew a few of my certs which have the same domain.
I get this message: “There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains”.
And when I check one of them, I see a lot of certs:


How can I fix this?
Thanks

Hi @baptiste,

You didn’t give too much info, but it seems the renewals follow a pattern (once on Tuesday, twice on Wednesday, twice on Thursday and once on Saturday) and so on… You should check whether you have a task, cronjob, etc. on your server and review what the automated command does, because it is not checking whether the certs need to be renewed; it is renewing them every time.

Good luck,
sahsanu

Hi @sahsanu,
Thanks for your reply. Indeed, I have a crontab entry every Monday which tries to renew all certs that are going to expire.
I have just disabled this cron. When will I be able to renew my certs?
Which info do you need?
Have a nice day.

You're demonstrably creating certificates twice a day, though, not just on Mondays.

It's actually recommended to check twice a day, not once a week, but only to check twice a day, not to create unnecessary certificates.

Please fill in the rest of the help information.


Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):


None of the certs you are showing in the screenshot have been renewed on a Monday, so are you sure this is the only cron job running on your server? If it is, are you sure it is running only every Monday?

You should already have your certs renewed. I don't know if the certificates shown in the screenshot are for the same subset of domains, but next Tuesday seems a good date to be able to renew them.

Cheers,
sahsanu

In my crontab I have:
0 0 * * 1 /scripts/renewCerts.sh >/dev/null 2> /var/log/cron.error.log
My script renews and sends an email with the output of the script.
I use certbot; could it be certbot itself that tries to renew?
Thanks

What does /scripts/renewCerts.sh do?

Edit:

Have you ensured that no other cron jobs or systemd timers exist?

And the other information requested?

Hello,
renewCerts.sh does this:
#!/bin/bash
# Capture file for the certbot output; removed before and after the run
tmpFile=/tmp/renewCert.tmp
if [ -f "$tmpFile" ]; then
    rm "$tmpFile"
fi

# Renew whatever is due; reload nginx afterwards so it picks up new certs
certbot renew --post-hook "/usr/sbin/service nginx reload" > "$tmpFile" 2>&1
# Turn line ends into HTML line breaks so the log is readable in the HTML mail
# (the forum rendering garbled this expression; the replacement is a reconstruction)
sed -i 's/$/<br>/' "$tmpFile"
tmpContent=$(cat "$tmpFile")
# Summary: drop everything up to the first line containing ":" and the last line, then trim whitespace
renewed=$(sed '1,/:/d' "$tmpFile" | sed '$d' | sed 's/^[ \t]*//;s/[ \t]*$//')

# -F is the sender's full name, -f the envelope sender address; -t reads the To: header
/usr/sbin/sendmail -F "LetsEncrypt" -f "letsencrypt@$HOSTNAME" -t "who@host.ext" << EOM
To: who@host.ext
Subject: [LETSENCRYPT] Renouvellement des certificats
Content-type: text/html; charset=utf-8

<h1>Résumé :</h1>
<p>$renewed</p>
<br>
<h1>Détails :</h1>
<p>$tmpContent</p>
EOM

if [ -f "$tmpFile" ]; then
    rm "$tmpFile"
fi

I don't know which jobs or systemd timers could be trying to renew.

Two days ago I disabled renewCerts.sh in my crontab, but…
Have a nice day

More information about one of these IDs:

So you definitely must have something else trying to get these certificates. It’s interesting to see that the issuance events happen at about two different times of day, around 23:00 or 10:00 UTC. (The certificate notBefore date will be set to one hour prior to the true issuance time to reduce problems for clients that have their time set incorrectly.)

What kind of software runs on this machine? Are you using any sort of software like Caddy or cPanel that might include its own certificate-renewal code?

I don't have any panel; I use certbot standalone, nginx and crontab for automation.
Can I see who is trying to renew? By IP or by any other information?
Thanks

@cpu, do you think we can give out any more information about that?

By the way, they actually succeed when they try, so they must have a considerable level of control over your domain name. :slight_smile:

I'm hesitant to give out specifics like IP addresses or email addresses. I can say the following:

  1. it seems to always be the same UA, Certbot 0.10.2, requesting a new-cert for the www.web01.pixelads.fr domain (and other pixellads.fr domains)
  2. it's always the same ACME account, even for the requests hitting the rate limit (I assume some of those must be the OP). The account email is something at the base domain being requested.
  3. the requests all come from the same IPv6 address

I'm not sure how to suggest @baptiste finds this certbot installation. It certainly seems like there is one that is going off-the-rails.

Thanks, that seems like useful information.

How long must I wait before I can renew my certs?
If I remove certbot from my server for one week, won't I get any renewals at all? Can I keep my certs?
This solution is the last resort :slight_smile:
Thanks for all

Maybe you can look in /var/log/letsencrypt to see if you have evidence that Certbot is somehow still being run on this system? Every time it runs, it should create a new log file there.
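The two checks suggested in this thread (look for any other cron job or timer that could invoke certbot, and look in /var/log/letsencrypt for evidence of runs) can be scripted. The functions below are an added example, not code from the thread or from Certbot; every path is an argument so they can be run against constructed test data, and the sample log lines used in testing are constructed to mimic certbot's log format (the match on the "Cert is due for renewal" message assumes that wording for the certbot version in use).

```shell
#!/bin/sh
# Added example: locate scheduled certbot invocations and summarise renewals
# recorded in certbot's log directory. On a live host pass /etc/crontab,
# /etc/cron.d, /var/spool/cron/crontabs and /var/log/letsencrypt; per-user
# crontabs and systemd timers are listed with "crontab -l" and
# "systemctl list-timers --all" respectively.

# Print every non-comment line mentioning certbot, letsencrypt or renew in
# the given cron files or directories, prefixed with file:line.
find_certbot_cron_entries() {
    for p in "$@"; do
        if [ -d "$p" ]; then
            grep -HnE '^[^#]*(certbot|letsencrypt|renew)' "$p"/* 2>/dev/null || true
        elif [ -f "$p" ]; then
            grep -HnE '^[^#]*(certbot|letsencrypt|renew)' "$p" 2>/dev/null || true
        fi
    done
}

# Number of certbot log files in a log directory. Certbot starts a fresh
# letsencrypt.log on each run and rotates the previous one to
# letsencrypt.log.N, so this approximates the number of runs still kept.
count_certbot_logs() {
    ls "$1"/letsencrypt.log* 2>/dev/null | wc -l | tr -d ' '
}

# Tally, per hour of day, the renewals certbot actually performed, using the
# timestamp prefix ("YYYY-MM-DD HH:MM:SS,ms") of its "Cert is due for renewal"
# line. Output lines look like "23:00 2". Tight clusters at fixed hours, as
# in this thread, point at a scheduled job rather than manual runs.
renewal_hours() {
    cat "$1"/letsencrypt.log* 2>/dev/null \
        | grep 'Cert is due for renewal' \
        | cut -c12-13 \
        | sort | uniq -c \
        | awk '{print $2":00 " $1}'
}

# Usage on a live host (commented so the file can be sourced):
#   find_certbot_cron_entries /etc/crontab /etc/cron.d /var/spool/cron/crontabs
#   count_certbot_logs /var/log/letsencrypt
#   renewal_hours /var/log/letsencrypt
```

Note that certbot renew only contacts the CA for certificates that are actually close to expiry, so the twice-daily schedule recommended earlier in the thread does not by itself issue extra certificates; the rate-limit hits here come from whatever is requesting new certificates outside that command.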

After checking: since I removed certbot from my server, there haven't been any renewals.
How long must I wait before I can renew?
Thanks

Up, exactly the same issue here :frowning:

@baptiste, according to my calculations, you should be able to renew already. Of course, it would be great to understand why the previous unintended renewals were happening and where those certificates were going.