Let's Encrypt failure "Too many certificates already issued for exact set of domains"

For the past few weeks, I have been getting this error when trying to provision certificates with Let’s Encrypt via the web UI as well as via the command line,

Something unexpected went wrong: Error creating new cert :: Too many certificates already issued for exact set of domains: 

What is the solution to this problem? Now my certificates have expired and all mail clients are complaining or failing to connect.

Having the same problem. I have 5 days left before expiration. On a little further investigation I’m finding that I’m over the LetsEncrypt “Rate limits” for cert issuance, just as you are, but nobody seems to know why that is. Certainly the first issuance should have been well within limits but it failed, for reasons I don’t know. Does anyone have any input? The Lets Encrypt forums have been trying to help but the issue appears to be caused by something in the mailinabox system to the best of their estimation.

Additional information: I am running MIAB v0.21b. I also tried rerunning, curl -s https://mailinabox.email/setup.sh | sudo bash but that did not help.

If there are additional logs I could provide, let me know. This problem dramatically reduces the utility of my setup.

This magically resolved itself last night. Prior to that I had tried uninstalling and reinstalling the Python OpenSSL package (with no immediate effect). In the end, I am really not sure what resolved the problem… My guess is that it had something to do with the interaction with the Let’s Encrypt service.

Having the same issue as above… Hoping it goes away on its own??

Certs expired today and cannot used the admin panel to issue new ones. Same errors as before… Guess I try another certificate provider?

I’d suggest waiting for a day. My certs expired for about a day then were successfully renewed.

I was getting the same error and my certs expired today. Looks like I was having the issue described on https://github.com/mail-in-a-box/mailinabox/issues/848. Would suggest running “management/ssl_certificates.py your.domain” to see if you’re having the same issue as it’s a bit of a pain if they expire.

tried running that but got a strange syntax error message on "<<<<<<<< HEAD"
No idea what that means… Certs expired 3 days ago…

@tramtrist

That’s a git conflict. You’ll need to reset your respository to it’s upstream state in order for the ssl_certificates.py script to work.

I posted this in TLS Certificate Auto-Renewal - but maybe it belongs here instead. Getting the same error. Not the git merge error but the let’s encrypt error. Get the same errror when running the manual command. Many days (probably a week?) have gone by with it not fixing itself.

Checked crt.sh to see when letsencrypt certs were generated:

crt.sh ID Logged At ⇧ Not Before Issuer Name
-2017-01-15 2017-01-15 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-13 2017-01-13 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-12 2017-01-12 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-11 2017-01-11 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-10 2017-01-10 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-09 2017-01-09 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-08 2017-01-08 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-05 2017-01-05 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-05 2017-01-05 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-04 2017-01-04 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-03 2017-01-03 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-02 2017-01-02 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2017-01-01 2017-01-01 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2016-10-17 2016-10-17 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2016-08-02 2016-08-02 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2016-05-18 2016-05-18 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X3
-2016-03-18 2016-03-18 C=US, O=Let’s Encrypt, CN=Let’s Encrypt Authority X1

Is this normal?

See note here on letsencrypt’s discourse that it may be a bug in MIAB: https://community.letsencrypt.org/t/too-many-certs-already-issued/24074/4