TLS certificate renewal failing with Let's Encrypt

I’ve got a handful of certificates expiring today and another half a dozen or so that expired about 2 weeks ago - all provisioned with Let’s Encrypt and failing to auto-renew.

When I try to use the “Provision” option from the web interface I get the following error:

Something unexpected went wrong: Error creating new cert :: Too many certificates already issued for exact set of domains:
followed by all the domains on my MiaB.

Is there an easy way to reset the certificates and provision again?

This usually means you’ve requested too many unique certificates in a 7 day window. Generally the only way to let this correct itself is to wait out the window so that you no longer exceed the rate limit of Let’s Encrypt.

Have you perhaps been requesting certificates for your domains or subdomains outside of your box?

I haven’t requested any certs outside.

edit: if the timeout is only 7 days, it seems odd the certificates from two weeks ago still can’t be renewed.

I had a similar problem when I was serving content out of the default /var/www/html folder. I solved my problem by manually placing the certificates in the correct folders.

Still got this problem. I’m not serving any additional content like 0x906, and still getting the same message that “Too many certificates already issued for exact set of domains”.

Is there any way to reset the certificate provisioning?

Tried nuking all the certificates, re-installing with a self-issued certificate and going through the process from scratch - exactly the same problem. Not sure how to work around it.

Same here. Issues with renewing multiple certificates.

Something unexpected went wrong: [NeedToInstallFile(‘http://domain.tld/.well-known/acme-challenge/qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI’, ‘qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI.Cs8QnoWoX1WB5yE-JSQnpFAfp6P2cJYwVYaiQ0GEdjk’, ‘qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI’), NeedToInstallFile(‘http://www.domain.tld/.well-known/acme-challenge/l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk’, ‘l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk.Cs8QnoWoX1WB5yE-JSQnpFAfp6P2cJYwVYaiQ0GEdjk’, ‘l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk’)]

Did you end up resolving this issue? I am running into the same problem.

Gentlemen,

Remember that Letsencrypt has a limitation of 5 certificates per domain per 5 days. If you fail to retrieve a certificate for a specific domain 5 times within a 5-day period then you are locked out and you should try again after 5 days from your last unsuccessful attempt.

I think this is actually a bug in mailinabox. I was getting this error for certificates that had never been issued by let’s encrypt. I also did a manual cert issue with the letsencrypt scripts to validate that it wasn’t a letsencrypt issue-limit issue.

Could be to do with some of the python libraries. I managed to partially fix this error by reinstalling some of the libraries. But now I have another bug. Working enough for me at the moment, but not ideal, and not enough time to dig down into the stack to figure out why it’s not working.

Gentlemen,

this issue is solved.

kudos to @aschrimpf for giving the hint that solves the riddle!

Tried as described here. Didn’t work for me. Reinstalled mailinabox to ensure that it wasn’t an issue caused by a version earlier than 0.21c, because 0.20b didn’t want to update automatically. So far that doesn’t seem to be the case.

This is what the log shows me:

Log:
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for box.domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domain1.tld.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domain1.tld.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domain2.tld.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domain2.tld.
Validation file is not present — a file must be installed on the web server.
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for box.domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domainX.email.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domain1.tld
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domain1.tld
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for domain2.tld.
Validation file is not present — a file must be installed on the web server.
Reusing existing challenges for www.domain2.tld.
Validation file is not present — a file must be installed on the web server.

@Orwell84_ the logfile gives the error that lets encrypt is not able to “see” the validation file for the domains.

You should check /home/user-data/ssl/lets_encrypt/acme_challenges/ if that contains files for your domains.

Maybe (re)move /home/user-data/ssl/lets_encrypt and run /root/mailinabox/management/ssl_certificates.py -v to recreate the lets encrypt client and files.

But IMHO your case is something different.
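An added Python check, not part of Mail-in-a-Box or of any post in this thread, that reads the NeedToInstallFile entries quoted earlier (challenge URL, expected file contents, token) and applies the HTTP-01 validator’s expectations to the local acme_challenges directory, so an admin can see which domain lacks its validation file before spending another attempt against the rate limit. The sample error string is constructed from the thread; the challenge directory is a parameter (on a box it would be /home/user-data/ssl/lets_encrypt/acme_challenges/).

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Constructed sample: the two NeedToInstallFile entries quoted in the thread.
SAMPLE_ERROR = (
    "[NeedToInstallFile('http://domain.tld/.well-known/acme-challenge/qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI', "
    "'qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI.Cs8QnoWoX1WB5yE-JSQnpFAfp6P2cJYwVYaiQ0GEdjk', "
    "'qhr8Oa_MTBB1Psv4CjfK-94gsz3tQiWhV3rdS1s8IiI'), "
    "NeedToInstallFile('http://www.domain.tld/.well-known/acme-challenge/l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk', "
    "'l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk.Cs8QnoWoX1WB5yE-JSQnpFAfp6P2cJYwVYaiQ0GEdjk', "
    "'l8UvgP0ICgc4izy4DP0qLaUKKxhShyHYRLWu68o7Tuk')]"
)
# The forum paste shows the tuples with curly quotes; accept both kinds.
_ENTRY = re.compile(r"NeedToInstallFile\(['‘]([^'’]+)['’],\s*['‘]([^'’]+)['’],\s*['‘]([^'’]+)['’]\)")

def parse_entries(message):
    """Return (challenge URL, expected file contents, token) triples from the error text."""
    return _ENTRY.findall(message)

def check_entry(url, contents, token, challenge_dir):
    """Apply the HTTP-01 validator's expectations to the local challenge directory."""
    parsed = urlparse(url)
    problems = []
    if parsed.path != "/.well-known/acme-challenge/" + token:
        problems.append("challenge URL does not point at the token")
    if not contents.startswith(token + "."):
        problems.append("key authorization does not start with the token")
    fpath = os.path.join(challenge_dir, token)
    if not os.path.isfile(fpath):
        problems.append("validation file is not present")
    else:
        with open(fpath) as f:
            if f.read().strip() != contents:
                problems.append("file contents differ from key authorization")
    return parsed.hostname, problems

def check_all(message, challenge_dir):
    """Map each hostname in the error to its list of problems (empty list means OK)."""
    return dict(check_entry(u, c, t, challenge_dir) for u, c, t in parse_entries(message))

def demo():
    """Constructed scenario: domain.tld's file is installed correctly, www.domain.tld's is missing."""
    with tempfile.TemporaryDirectory() as d:
        _url, contents, token = parse_entries(SAMPLE_ERROR)[0]
        with open(os.path.join(d, token), "w") as f:
            f.write(contents + "\n")
        return check_all(SAMPLE_ERROR, d)
```

A file that exists locally but fails the contents check points at a key authorization generated for a different account key than the one the challenge was created with, which is worth knowing before deleting the lets_encrypt directory.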

Thanks for your reply. I did what you suggested getting this result:

Something unexpected went wrong: urn:acme:error:malformed :: The request message was malformed :: Registration key is already in use

In the UI it shows this:

Log:
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Registering a new account with Let’s Encrypt.

@Orwell84_ you did not do what I suggested if you get that message …

Sorry, you screwed up your lets-encrypt setup, and giving you some kind of useful help with just that one line of logfile you gave is not possible from my end.

Ok thanks. Is there a way to safely export data to a new setup, or a possibility to export to a different environment than MIAB? Since 0.19 I’m experiencing nothing but trouble lately, like roundcube giving a 500 error and now this with renewing my certificates.

I have tried the suggestions of multiple threads now (#1101, #1059, and many others). I was just about to backup and move to a brand new install MIAB in its entirety when I found a suggestion to simply add an email at a new sub-domain. Took only seconds and finally allowed Let’s Encrypt to issue a new cert. I’m sure I’ll have to do the same thing in 90 days… but at least it works. I suggest people try this before they spend hours digging through other threads and trying all the different solutions suggested by others.

Thanks for the suggestion. Unfortunately it didn’t work for me. I’m already moving out. I’m kinda done, since 0.19b MIAB keeps bugging like hell for me. Every time you post something in here I get the impression that it ends up “You must have fucked up your settings”, which isn’t the case. I’m not a super techie whizz kid, but one thing I learned from a guy who is: don’t fix it when it’s not broken, and because I’m hosting several domains for friends and family I don’t dare to touch the MIAB for fucktarding around. The box is, besides normal security updates, unattended. If every troubleshoot here ends up that way and MIAB is costing me more time than it delivers me (one of the main reasons to bundle all those domains together on one platform) then I guess I’m going to try my luck on another mail platform.