too many certificates already issued for exact set of domains (let's encrypt)

Discussion in 'ISPConfig 3 Priority Support' started by Enrique García, Jan 14, 2018.

  1. Enrique García

    Enrique García Member HowtoForge Supporter

    I trying to enable let's encrypt but the check box of ispconfig is cleared automatically.
    So, this is the log
    # cat /var/log/letsencrypt/letsencrypt.log
    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: fyde.com.mx,www.fyde.com.mx: see https://letsencrypt.org/docs/rate-limits/

    I check https://letsencrypt.org/docs/rate-limits/ about the rate limits. I check the certified issued with the link https://crt.sh/?q=fyde.com.mx.

    I see that the limit was not exceeded.

    Any advise,

    Regards,
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    How can you check that?
     
  3. Enrique García

    Enrique García Member HowtoForge Supporter

    In the link https://crt.sh/
    But only display the authorized transaccitons, in my case display:
    crt.sh ID Logged At Not Before Issuer Name
    301777016 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    301744600 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    301656859 2018-01-12 2018-01-12 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    298094235 2018-01-09 2018-01-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    297882517 2018-01-08 2018-01-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    264501234 2017-11-26 2017-11-26 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    218576840 2017-09-27 2017-09-26 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    209551969 2017-09-13 2017-09-13 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    204184762 2017-09-04 2017-09-04 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    202681792 2017-09-01 2017-09-01 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    200811589 2017-08-28 2017-08-28 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    195593183 2017-08-21 2017-08-21 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    159476821 2017-06-22 2017-06-22 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    127030543 2017-04-23 2017-04-23 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    95513595 2017-02-22 2017-02-22 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    74721756 2017-01-08 2017-01-06 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
    49786213 2016-11-05 2016-11-05 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    31180989 2016-09-06 2016-09-06 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    24164919 2016-07-08 2016-07-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    18777103 2016-05-09 2016-05-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    14897782 2016-03-09 2016-03-09 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1
    11909330 2016-01-08 2016-01-08 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X1

    Only 5 Authorization in the last week, and the limit is 20.

    :)
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Certbot is the official LE client and when certbot tells you that it received the answer from LE that you exceeded a limit, then you probably exceeded a limit. The limit the certbot log shows is about 'exact set of domains' and not about the overall number of certs and according to LEm this limit is 5 and not 20.

    I'll cite from LE page:

    The text from LE also tells you how to circumvent that limit. add a new subdomain in dns and then add this subdomain to this website and you should be able to request a new cert.
     
  5. Enrique García

    Enrique García Member HowtoForge Supporter

    It works, but only for docente.com.mx and quieroplayeras.com, but no for fyde.com.mx
    I add subdomain with no redirect to fyde.com.mx but doesn's works.
    fyde.com.mx is the main page.
     
    Last edited: Jan 15, 2018
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the letsencrypt log file, if it still says that you issued too many certs, then you'll have to wait.
     
  7. Enrique García

    Enrique García Member HowtoForge Supporter

    Ok, I create 2 more webs in the same server with this Let's works with no problems.
    I will wait for the main web.
    Thanks for the advise.
     

Share This Page