I've tried to migrate our website, cruxpsychology.ca to three different servers
Every time I attempt to activate the ssl cert, I'm informed You've hit the Let's Encrypt rate limits for this domain
I've deliberately waited 2 weeks before attempting again to make sure I'm not over the rate limit
However, once again, on the very first try - I get the error again
I don't understand the crt.sh well enough to determine where or what is causing the limit on attempts
What caused all those issuances on December 26th? There were 5 certificates issued..
That's exactly what my question is...
Well, they can't come from nowhere, so probably something or someone on your server is doing it. It seems to have a weekly pattern, so probably a misconfigurd ACME client.
Which ACME client are you using?
I completely understand they are coming from somewhere
I don't know what an ACME client is to know what to look into
All I know is that I'm trying to migrate the website from one server to another - and I can't because something is running too many SSL cert applications
Therefore - why i'm looking for help
Can you find the server definition for this domain in your nginx.conf?
What does the line for the ssl_certificate say?
Checking just now I see @revolve is using one of the certs acquired on 26 December. 
Is this your old server or the new one you're migrating to or migrated to?
I don't know if I have access to the nginx.conf - I'll try today
looking at the current cert (on the old server) I believe it matches crt.sh | 5868711534
what part of this record shows what server has made the request? I'd like to review other records to know if the requests are all coming from the same source
and... in review of crt.sh | %.cruxpsychology.ca
why don't i see any of records for my attempts to add a cert on the new server yesterday?
Only issued certificates are recorded in Certificate Transparancy Logs.
ok... so there were 10 certificates approved for Dec 26-27...
what field shows what server has applied for these?
is it common to have multiple certs for 1 website? (if so - 10?)
By default, pre-certificates are also shown on crt.sh, so you'd need to divide the number by 2. I.e., not 10 but 5 certificates were issued on 26 and 27 december. (Which makes sense, as the duplicate rate limit is 5 per week.)
There's no such field. That's not publicised by Let's Encrypt.
No, it's not. Also, the crt.sh output looks more like a very bad and malfunctioning or misconfigured ACME client trying to get a certificate repeatedly every minute or so! That is NOT what is supposed to do. The ACME client should check if a certificate is due for renewal, usually 60 days after issuance and only IF it's due, renew it. NOT every single minute of the day.
Also, we're lacking seriously in information here, as you haven't filled out the questionnaire which should have been presented to you when you opened a new thread in the Help section. Let's pull that questionnaire up again anyway: (some questions already have been answered, but for completeness, please fill them out again anyway)
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
My domain is: cruxpsychology.ca
I ran this command: in the new hosting, I trued to activated the request to implement an ssl cert
It produced this output:You've hit the Let's Encrypt rate limits for this domain.
My web server is (include version): don't know
The operating system my web server runs on is (include version): don't know
My hosting provider, if applicable, is: New server SpinUp with an AWS container; old server dynamic hosting
I can login to a root shell on my machine (yes or no, or I don't know): new server, yes; old server, no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
New server - web interface; old server - plesk, version unknown
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): don't know
Is the old server still running? If not, when did you stop it?
No - it's still hosting the site since I can't get an SSL cert on the new server
Do you know who managed the old server? I.e., who can tell you how that server gets its certificates?
Yes - but that's why I'm here finding answers
I pointed the finger at them earlier... and they said it wasn't them
Now that i have some info - I'll go back again
The more info I can get here - the more I can find the root of the issue
I understand, but we also require information to guide you. Hopefully you have enough at the moment to ask the person managing the older server to stop issuing that rediculous amount of certificates.
I do... and if a follow-up creates more questions, I'll be back
Thanks you and others who contributed...
I may be back
You're welcome to do so! Remember, the more info you can provide, the better 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.