Which rate limit?

My domain is:
I ran this command:
./wacs.exe --target manual --host $hostname --certificatestore My --notaskscheduler --accepttos --emailaddress $email --force
($hostname is vpn.arpideas.pl, $email is admin@arpideas.pl)
It produced this output:
Pretty cun-and-dry error that the rate limit had been hit:
Failed to create order: Error creating new order :: too many certificates already issued for exact set of domains: vpn.arpideas.pl: see Rate Limits - Let's Encrypt
Create certificate failed: Unable to create order
My web server is (include version):
Certificate is generated for use with SSTP, not a web-server as such.
The operating system my web server runs on is (include version):
Windows 2016 Standard
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
win-acme v

In addition to the standardized questions above, I need to provide some context. I cannot rely on the win-acme generated mechanisms for certificate renewal, because as stated the certificate is used by SSTP. Apparently it went haywire last night and for some reason kept asking for a new certificate (I've included a "retry" loop, which seemed to have not worked too well).

That said, looking at crt.sh | arpideas.pl for a list of generated certificates for arpideas.pl shows only 10 in the last week (most of it were the failed script attempts), so I'm a bit baffled that I've hit any kind of limit.

Other than the obvious (i.e. script didn't work), I'm wondering if there's perhaps something else that's wrong that I'm not seeing. I'll provide more information if need be, of course.

EDIT: I've just noticed that the latest version of win-acme also has a SSTP script. I guess I'll use that when the rate limit is reset... I'd still like to know why I've hit the rate limit...

Hi @mbender

that tells us: You didn't read the complete link shared in the error message.

There is your answer.

PS: There are pre- and leaf certificates. So 10 certificates listed -> you have created 5 identical certificates.

That's a waste of resources. Use one of these 60 - 85 days, then create one.

PS: --force is normally always wrong.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.