Unable to renew expired certificate


#1

Hi!

Our server had a problem, it’s a virtual
machine, we had to revert back to the recent working snapshot which is taken
last January 22 2019. Unfortunately, the letsencrypt certificate was
expired and we cannot renew it using certbot. I looked at the
https://crt.sh/?q=ca2.judiciary.gov.ph [3] website and it says there
that we had a new certificate generated by letsencrypt, but the thing is the
certbot certonly command throws an error that says “There were too many
requests of a given type :: Error creating new order :: too many
certificates already issued for exact set of domains:
ca2.judiciary.gov.ph: see https://letsencrypt.org/docs/rate-limits/
[4]”.

We’ve successfully requested a letsencrypt certificate from the staging
environment but not in production.

Is it possible to revoke those certificates so that we can request a new one?

Thank you.

Our domain is: https://ca2.judiciary.gov.ph

I ran this command:
certbot certonly
It produced this output:
"There were too many requests of a given type :: Error creating new order :: too many
certificates already issued for exact set of domains: ca2.judiciary.gov.ph: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):
Payara 4.1.1
The operating system my web server runs on is (include version):
Ubuntu 16.04LTS 64bit
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Payara

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


#2

Hi @helbert

that doesn’t reset the rate limit. Please read

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.

Where are these certificates?

https://crt.sh/?q=ca2.judiciary.gov.ph

What says

certbot certificates

#3

Hi @JuergenAuer

Thank you for your response, I really appreciate it.

Where are these certificates?
https://crt.sh/?q=ca2.judiciary.gov.ph

Well do not have access to that, that’s why we had to revert back to our working snapshot of the server that is dated January 22, 2019.

Can we request again next week from LE and replace the current certificate that was generated by staging? Or do we have to wait for the expiration of the certificate that was issued by LE?

Regards,

Helbert


#4

Yes, next week will work.

Last certificate - 2019-03-18 - > next certificate, 7 days later, 2019-03-25, next Monday.


#5

That would be nice, thank you for your reply I will update this as soon as I got a new certificate from LE.

Thank you @JuergenAuer


#6

Hi!

I have successfully replaced our LE certificate. Thank you for your help @JuergenAuer.

Regards,

Helbert


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.