Let's Encrypt returns 'too many certificates' on a live domain setup
LE has a per-registered-domain rate limit on new certs per week. A setup stuck in a retry loop hits it in no time.
Try this first
- 1Stop the retry loops before fixing anything. A script trying every 5 minutes burns the rate limit in an hour and parks you for a week.
- 2Confirm you are not duplicating cert requests: multiple subdomains via separate certs instead of one SAN cert is a fast path to the limit. Bundle where you can.
- 3Use the LE staging endpoint (acme-staging-v02.api.letsencrypt.org) while testing setup. No rate limit, and you know when the real request will succeed.
- 4If the rate limit is already hit and you need a cert: a 'duplicate certificate' exception exists, and you can temporarily fail over to another CA (ZeroSSL does ACME, Buypass too). Not a permanent choice, an escape route.
- 5Going forward: use a renew tool with exponential backoff on failure (certbot, acme.sh, Caddy). They will not retry endlessly back-to-back themselves.
When to bring us in
Production site without a valid cert and the rate limit full for a week: do not improvise with self-signed or a random CA. Call us; together we pick the cleanest temporary fix and restore the automation afterwards.
See also
- Domain expires tomorrow and nobody saw the emailAn expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renewDisabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find itEPP code or transfer code is the password to move a domain from registrar A to B.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.