A ~1,5 weeks ago I started to notice that for some reason win-acme client is unable to renew the certificates. Back then the logging was not verbose enough, so I don’t know what was the initial issue, but at the moment I’m getting the code:429.
According to crt.sh (https://crt.sh/?q=%.gallup.ee), Task Scheduler has been trying daily to get the update through. Servers Event Log confirms that.
Turning up the verbosity reveals this: Error creating new cert :: too many certificates already issued for exact set of domains
What I don’t understand is what kind of limit am I hitting? And why?
Is it the duplicate limit? Shouldn’t the renewals be completed no matter what?
It's how the win-acme is configured by default. It starts daily but you can set a threshold - if current certificate is newer then the update is skipped. That way it's safe to run it daily as the update happens only when it's necessary.
As it was unable to complete the update, it tried to do it every day and eventually crossed the limit.