too many certificates already issued for exact set of domains (let's encrypt)

Discussion in 'ISPConfig 3 Priority Support' started by Enrique García, Jan 14, 2018.

  1. Enrique García

    Enrique García Member HowtoForge Supporter

    I trying to enable let's encrypt but the check box of ispconfig is cleared automatically.
    So, this is the log
    # cat /var/log/letsencrypt/letsencrypt.log
    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: fyde.com.mx,www.fyde.com.mx: see https://letsencrypt.org/docs/rate-limits/

    I check https://letsencrypt.org/docs/rate-limits/ about the rate limits. I check the certified issued with the link https://crt.sh/?q=fyde.com.mx.

    I see that the limit was not exceeded.

    Any advise,

    Regards,
     
  2. Taleman

    Taleman Active Member HowtoForge Supporter

    How can you check that?
     
  3. Enrique García

    Enrique García Member HowtoForge Supporter

    In the link https://crt.sh/
    But only display the authorized transaccitons, in my case display:
    crt.sh ID Logged At Not Before Issuer Name
    301777016 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    301744600 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    301656859 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    298094235 2018-01-09 2018-01-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    297882517 2018-01-08 2018-01-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    264501234 2017-11-26 2017-11-26 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    218576840 2017-09-27 2017-09-26 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    209551969 2017-09-13 2017-09-13 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    204184762 2017-09-04 2017-09-04 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    202681792 2017-09-01 2017-09-01 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    200811589 2017-08-28 2017-08-28 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    195593183 2017-08-21 2017-08-21 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    159476821 2017-06-22 2017-06-22 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    127030543 2017-04-23 2017-04-23 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    95513595 2017-02-22 2017-02-22 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    74721756 2017-01-08 2017-01-06 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
    49786213 2016-11-05 2016-11-05 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    31180989 2016-09-06 2016-09-06 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    24164919 2016-07-08 2016-07-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    18777103 2016-05-09 2016-05-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    14897782 2016-03-09 2016-03-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1
    11909330 2016-01-08 2016-01-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1

    Only 5 Authorization in the last week, and the limit is 20.

    :)
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Certbot is the official LE client and when certbot tells you that it received the answer from LE that you exceeded a limit, then you probably exceeded a limit. The limit the certbot log shows is about 'exact set of domains' and not about the overall number of certs and according to LEm this limit is 5 and not 20.

    I'll cite from LE page:

    The text from LE also tells you how to circumvent that limit. add a new subdomain in dns and then add this subdomain to this website and you should be able to request a new cert.
     
  5. Enrique García

    Enrique García Member HowtoForge Supporter

    It works, but only for docente.com.mx and quieroplayeras.com, but no for fyde.com.mx
    I add subdomain with no redirect to fyde.com.mx but doesn's works.
    fyde.com.mx is the main page.
     
    Last edited: Jan 15, 2018
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the letsencrypt log file, if it still says that you issued too many certs, then you'll have to wait.
     
  7. Enrique García

    Enrique García Member HowtoForge Supporter

    Ok, I create 2 more webs in the same server with this Let's works with no problems.
    I will wait for the main web.
    Thanks for the advise.
     

Share This Page