Let’s Encrypt certificate installation fails with the following error in Plesk UI:
PLESK_ERROR: The “Certificates per Registered Domain” rate limit has been exceeded for example.com. Let’s Encrypt allows no more than 50 certificates to be issued per registered domain, per week.
Detail: Error creating new cert :: too many certificates already issued for exact set of domains: example.com,www.example.com
PLESK_ERROR: Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.
One of the Let’s Encrypt rate limits has been exceeded for example.com.
See the related Knowledge Base article for details.
Invalid response from https://acme-v02.api.letsencrypt.org/acme/neworder.
Detail: Error creating new order :: too many certificates already issued for exact set of domains: example.com,www.example.com: see https://letsencrypt.org/docs/rate-limits/
The following email message is received:
Could not renew Let's Encrypt certificates for Administrator (login admin).
Please log in to Plesk and renew the certificates listed below manually.
Renewal of the following Let's Encrypt certificates has failed:
* 'Lets Encrypt example.com' [days to expire: 28]
Invalid response from https://acme-v02.api.letsencrypt.org/acme/new-order.
Details: Type: urn:ietf:params:acme:error:rateLimited
Status: 429 Detail: Error creating new order :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/
Too many certificates were created for the domain on a specific period of time. As a result, limit Certificates per Registered Domain which is one of the Let’s Encrypt rate limits has been exceeded.
The most common rate limit of 50 certificates per domain per 7 days in a place that is set by Let’s Encrypt. As the limit is defined by Let’s Encrypt directly and cannot be managed through Plesk.
To overcome the issue wait for this week period to pass and reissue the certificate or consider issuing a new Let’s Encrypt wildcard certificate.
There are two other limits:
- User can create a maximum of 10 Accounts per IP Address per 3 hours.
- User can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours.
See Let’s Encrypt Rate Limits documentation for more details.
Note: Subdomains from the same domain zone like example.com and blog.example.com are having the same rate limit. Thus, when first 50 domains of sub.example.com will get the certificate, the rest need to wait for a week.
Note: If the initial error was different, it is required to resolve it prior to re-trying generating a new certificate in 7 days. There is no difference how the request was sent from a command-line interface or from Plesk.
Note: Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week. (according to Let’s Encrypt Rate Limits documentation)