Background: last night I was informed that a certificate on one of my hosted domains was out of date. This morning I checked: the site looked OK with a valid certificate but the certificate was dated (earlier) today, which I thought a bit suspicious.
I ran sympl-ssl -v and for every domain I was getting error messages saying the current set was no longer valid. This resulted in fetching a new certificate, with the knock-on effect that LetsEncrypt started sending back “too many certificates issued” refusals.
Here’s a sample of the offending output, which does not make sense to me:
Current SSL set 19: signed by /C=US/O=Let's Encrypt/CN=R3, expires 2022-03-11 05:42:33 UTC
The current set is no longer valid for this domain.
The latest available certificate expires in 22 days.
How is the current set invalid if it expires next March?
What is the “22 days” figure about?
sets/19/
has 4 files dated 06:42 this morning.
Sympl continues by attempting to fetch a certificate:
Fetching a new certificate from LetsEncrypt.
Requesting verification for baccapipes.org.uk from https://acme-v02.api.letsencrypt.org/directory
Successfully verified baccapipes.org.uk
Requesting verification for www.baccapipes.org.uk from https://acme-v02.api.letsencrypt.org/directory
Successfully verified www.baccapipes.org.uk
!! Failed: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: baccapipes.org.uk,www.baccapipes.org.uk: see https://letsencrypt.org/docs/rate-limits/
Environment
- Sympl Version : 11
- Sympl Testing Version? No
- Debian Version : Bullseye
- Hardware Type? Virtual
- Hosted On? Bitfolk