Acme.sh verify Error

I tried to update my CA and it keeps giving me errors.

My domain is:www.staff.c-a-s-s.org

I ran this command: acme.sh --issue -d staff.c-a-s-s.org -w /path/to/doc/root --reloadcmd "systemctl reload " --debug

It produced this output:

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): acme.sh --issue -d staff.c-a-s-s.org -w /path/to/doc/root --reloadcmd "systemctl reload " --debug
[Thu May 18 12:47:02 PM MDT 2023] Lets find script dir.
[Thu May 18 12:47:02 PM MDT 2023] SCRIPT='/etc/acmesh/acme.sh'
[Thu May 18 12:47:02 PM MDT 2023] _script='/etc/acmesh/acme.sh'
[Thu May 18 12:47:02 PM MDT 2023] _script_home='/etc/acmesh'
[Thu May 18 12:47:02 PM MDT 2023] Using config home:/etc/ssl/data
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
v3.0.6
[Thu May 18 12:47:02 PM MDT 2023] Running cmd: issue
[Thu May 18 12:47:02 PM MDT 2023] _main_domain='staff.c-a-s-s.org'
[Thu May 18 12:47:02 PM MDT 2023] _alt_domains='no'
[Thu May 18 12:47:02 PM MDT 2023] Using config home:/etc/ssl/data
[Thu May 18 12:47:02 PM MDT 2023] default_acme_server
[Thu May 18 12:47:02 PM MDT 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Thu May 18 12:47:02 PM MDT 2023] DOMAIN_PATH='/etc/ssl/certs/staff.c-a-s-s.org_ecc'
[Thu May 18 12:47:02 PM MDT 2023] Le_NextRenewTime
[Thu May 18 12:47:02 PM MDT 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Thu May 18 12:47:02 PM MDT 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Thu May 18 12:47:02 PM MDT 2023] GET
[Thu May 18 12:47:02 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90'
[Thu May 18 12:47:02 PM MDT 2023] timeout=
[Thu May 18 12:47:02 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:03 PM MDT 2023] ret='0'
[Thu May 18 12:47:03 PM MDT 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Thu May 18 12:47:03 PM MDT 2023] ACME_NEW_AUTHZ
[Thu May 18 12:47:03 PM MDT 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Thu May 18 12:47:03 PM MDT 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Thu May 18 12:47:03 PM MDT 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Thu May 18 12:47:03 PM MDT 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Thu May 18 12:47:03 PM MDT 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Thu May 18 12:47:03 PM MDT 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Thu May 18 12:47:03 PM MDT 2023] _on_before_issue
[Thu May 18 12:47:03 PM MDT 2023] _chk_main_domain='staff.c-a-s-s.org'
[Thu May 18 12:47:03 PM MDT 2023] _chk_alt_domains
[Thu May 18 12:47:03 PM MDT 2023] Le_LocalAddress
[Thu May 18 12:47:03 PM MDT 2023] d='staff.c-a-s-s.org'
[Thu May 18 12:47:03 PM MDT 2023] Check for domain='staff.c-a-s-s.org'
[Thu May 18 12:47:03 PM MDT 2023] _currentRoot='/path/to/doc/root'
[Thu May 18 12:47:03 PM MDT 2023] d
[Thu May 18 12:47:03 PM MDT 2023] _saved_account_key_hash is not changed, skip register account.
[Thu May 18 12:47:03 PM MDT 2023] Read key length:ec-256
[Thu May 18 12:47:03 PM MDT 2023] _createcsr
[Thu May 18 12:47:03 PM MDT 2023] Single domain='staff.c-a-s-s.org'
[Thu May 18 12:47:03 PM MDT 2023] Getting domain auth token for each domain
[Thu May 18 12:47:03 PM MDT 2023] d
[Thu May 18 12:47:03 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Thu May 18 12:47:03 PM MDT 2023] payload='{"identifiers": [{"type":"dns","value":"staff.c-a-s-s.org"}]}'
[Thu May 18 12:47:03 PM MDT 2023] EC key
[Thu May 18 12:47:04 PM MDT 2023] HEAD
[Thu May 18 12:47:04 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Thu May 18 12:47:04 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g -I '
[Thu May 18 12:47:05 PM MDT 2023] _ret='0'
[Thu May 18 12:47:05 PM MDT 2023] POST
[Thu May 18 12:47:05 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Thu May 18 12:47:05 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:06 PM MDT 2023] _ret='0'
[Thu May 18 12:47:06 PM MDT 2023] code='201'
[Thu May 18 12:47:06 PM MDT 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/-1yfA7EY-1UKKFEDgD2VJw'
[Thu May 18 12:47:06 PM MDT 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/-1yfA7EY-1UKKFEDgD2VJw/finalize'
[Thu May 18 12:47:06 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90/authz/Y_5e3TNZOF4l1lDSDEmUyA'
[Thu May 18 12:47:06 PM MDT 2023] payload
[Thu May 18 12:47:06 PM MDT 2023] POST
[Thu May 18 12:47:06 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/Y_5e3TNZOF4l1lDSDEmUyA'
[Thu May 18 12:47:06 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:07 PM MDT 2023] _ret='0'
[Thu May 18 12:47:07 PM MDT 2023] code='200'
[Thu May 18 12:47:07 PM MDT 2023] d='staff.c-a-s-s.org'
[Thu May 18 12:47:07 PM MDT 2023] Getting webroot for domain='staff.c-a-s-s.org'
[Thu May 18 12:47:07 PM MDT 2023] _w='/path/to/doc/root'
[Thu May 18 12:47:07 PM MDT 2023] _currentRoot='/path/to/doc/root'
[Thu May 18 12:47:07 PM MDT 2023] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw","status":"pending","token":"2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I"'
[Thu May 18 12:47:07 PM MDT 2023] token='2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I'
[Thu May 18 12:47:07 PM MDT 2023] uri='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:07 PM MDT 2023] keyauthorization='2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I.n2-ihrrLpze2CgFdsC4WIkCeHn7IWS9a1nJdBHofkyM'
[Thu May 18 12:47:07 PM MDT 2023] dvlist='staff.c-a-s-s.org#2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I.n2-ihrrLpze2CgFdsC4WIkCeHn7IWS9a1nJdBHofkyM#https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw#http-01#/path/to/doc/root'
[Thu May 18 12:47:07 PM MDT 2023] d
[Thu May 18 12:47:07 PM MDT 2023] vlist='staff.c-a-s-s.org#2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I.n2-ihrrLpze2CgFdsC4WIkCeHn7IWS9a1nJdBHofkyM#https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw#http-01#/path/to/doc/root,'
[Thu May 18 12:47:07 PM MDT 2023] d='staff.c-a-s-s.org'
[Thu May 18 12:47:07 PM MDT 2023] ok, let's start to verify
[Thu May 18 12:47:07 PM MDT 2023] Verifying: staff.c-a-s-s.org
[Thu May 18 12:47:07 PM MDT 2023] d='staff.c-a-s-s.org'
[Thu May 18 12:47:07 PM MDT 2023] keyauthorization='2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I.n2-ihrrLpze2CgFdsC4WIkCeHn7IWS9a1nJdBHofkyM'
[Thu May 18 12:47:07 PM MDT 2023] uri='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:07 PM MDT 2023] _currentRoot='/path/to/doc/root'
[Thu May 18 12:47:07 PM MDT 2023] wellknown_path='/path/to/doc/root/.well-known/acme-challenge'
[Thu May 18 12:47:07 PM MDT 2023] writing token:2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I to /path/to/doc/root/.well-known/acme-challenge/2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I
[Thu May 18 12:47:07 PM MDT 2023] Changing owner/group of .well-known to root:root
[Thu May 18 12:47:07 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:07 PM MDT 2023] payload='{}'
[Thu May 18 12:47:07 PM MDT 2023] POST
[Thu May 18 12:47:07 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:07 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:08 PM MDT 2023] _ret='0'
[Thu May 18 12:47:08 PM MDT 2023] code='200'
[Thu May 18 12:47:08 PM MDT 2023] trigger validation code: 200
[Thu May 18 12:47:08 PM MDT 2023] Processing, The CA is processing your order, please just wait. (1/30)
[Thu May 18 12:47:08 PM MDT 2023] sleep 2 secs to verify again
[Thu May 18 12:47:11 PM MDT 2023] checking
[Thu May 18 12:47:11 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:11 PM MDT 2023] payload
[Thu May 18 12:47:12 PM MDT 2023] POST
[Thu May 18 12:47:12 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:12 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:12 PM MDT 2023] _ret='0'
[Thu May 18 12:47:12 PM MDT 2023] code='200'
[Thu May 18 12:47:12 PM MDT 2023] staff.c-a-s-s.org:Verify error:"error":{
[Thu May 18 12:47:12 PM MDT 2023] Debug: get token url.
[Thu May 18 12:47:12 PM MDT 2023] GET
[Thu May 18 12:47:12 PM MDT 2023] url='http://staff.c-a-s-s.org/.well-known/acme-challenge/2kkWLUBSoiDMVd2Tbu_JinHK-Ge4cNvh-itB4K4aP_I'
[Thu May 18 12:47:12 PM MDT 2023] timeout=1
[Thu May 18 12:47:12 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g --connect-timeout 1'

404 Not Found

Not Found

The requested URL was not found on this server.


Apache/2.4.52 (Ubuntu) Server at staff.c-a-s-s.org Port 80
[Thu May 18 12:47:13 PM MDT 2023] ret='0'
[Thu May 18 12:47:13 PM MDT 2023] Debugging, skip removing: /path/to/doc/root/.well-known
[Thu May 18 12:47:13 PM MDT 2023] pid
[Thu May 18 12:47:13 PM MDT 2023] No need to restore nginx, skip.
[Thu May 18 12:47:13 PM MDT 2023] _clearupdns
[Thu May 18 12:47:13 PM MDT 2023] dns_entries
[Thu May 18 12:47:13 PM MDT 2023] skip dns.
[Thu May 18 12:47:13 PM MDT 2023] _on_issue_err
[Thu May 18 12:47:13 PM MDT 2023] Please add '--debug' or '--log' to check more details.
[Thu May 18 12:47:13 PM MDT 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu May 18 12:47:13 PM MDT 2023] url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:13 PM MDT 2023] payload='{}'
[Thu May 18 12:47:13 PM MDT 2023] POST
[Thu May 18 12:47:13 PM MDT 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/tCS85eeX4-BXk0S7CgMDpw'
[Thu May 18 12:47:13 PM MDT 2023] _CURL='curl --silent --dump-header /etc/ssl/data/http.header -L -g '
[Thu May 18 12:47:14 PM MDT 2023] _ret='0'
[Thu May 18 12:47:14 PM MDT 2023] code='200'
[Thu May 18 12:47:14 PM MDT 2023] socat doesn't exist.
[Thu May 18 12:47:14 PM MDT 2023] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
root@casstempwebsite:~/acme.sh# ^C
root@casstempwebsite:~/acme.sh# systemctl status nginx
Unit nginx.service could not be found.

My hosting provider, if applicable, is: Dreamhost

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0 , acme.sh v3.0.6

Can anyone please tell me what I am doing wrong?
Thank You.

1 Like

Hi @kenokorocha, and welcome to the LE community forum :slight_smile:

Double-check that path.

Also, why two ACME clients?:

3 Likes

Please also note that this is the Let's Encrypt Community and you're trying to get a certificate from ZeroSSL, which is a different CA.

4 Likes

I used Certbot and then tried acme.sh and received the same error.

The acme.sh discussions appear to happen here Welcome to acme.sh Discussions! · acmesh-official/acme.sh · Discussion #4258 · GitHub and acmesh-official/acme.sh · Discussions · GitHub.

3 Likes
3 Likes

This is the letsencrypt.log output

2023-05-23 13:39:48,419:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 213
2023-05-23 13:39:48,420:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 23 May 2023 19:39:48 GMT
Content-Type: application/problem+json
Content-Length: 213
Connection: keep-alive
Boulder-Requester: 94269341
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 1AADBOIvHGz7zefpwAUbjssI9vxIBYMjypqYsV0HhYNq7dA

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt",
"status": 429
}
2023-05-23 13:39:48,420:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in
sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 335, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File "/usr/lib/python3/dist-packages/acme/client.py", line 936, in new_order
return cast(ClientV2, self.client).new_order(csr_pem)
File "/usr/lib/python3/dist-packages/acme/client.py", line 702, in new_order
response = self._post(self.directory['newOrder'], order)
File "/usr/lib/python3/dist-packages/acme/client.py", line 101, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1269, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1283, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1128, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
2023-05-23 13:39:48,473:ERROR:certbot._internal.log:An unexpected error occurred:
2023-05-23 13:39:48,473:ERROR:certbot._internal.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

Can anyone please help?

That's a (temporary) error due to your attempts hitting a rate limit.

Please use the staging environment for testing.

5 Likes

I waited a bit and tried to renew the certificate and I received the following error :slight_smile:

root@casstempwebsite:/var/www/html# sudo certbot certonly --force-renew -d staff.c-a-s-s.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)


Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Renewing an existing certificate for staff.c-a-s-s.org
Input the webroot for staff.c-a-s-s.org: (Enter 'c' to cancel): /var/www/html

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: staff.c-a-s-s.org
Type: unauthorized
Detail: 184.71.204.250: Invalid response from http://staff.c-a-s-s.org/.well-known/acme-challenge/hTI3gwklzEuG2ppwKUwhomtPcHyJPdDD87os4si_K_w: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I see "openresty" in the response headers for your domain name. I believe openresty is an nginx-based server.

Can you explain why you said it should be Apache?

Also

But the IP in your DNS is related to Shaw Cable of Canada.

Maybe your IP has changed but you did not update the DNS?

3 Likes
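As an added example (not part of the original thread, and not code from Certbot or acme.sh): a check, run on the web server itself, that the directory passed as the webroot is really the one served under the domain's /.well-known/acme-challenge/ path, which is what the 404 and Certbot's hint above point at. The function name `preflight_webroot` and the probe file naming are assumptions made for this example.

```python
import os
import secrets
import urllib.error
import urllib.request


def preflight_webroot(base_url, webroot, timeout=5):
    """Write a probe file under <webroot>/.well-known/acme-challenge and fetch
    it back over HTTP, the way a CA fetches an http-01 token.

    base_url is e.g. "http://staff.c-a-s-s.org". Returns (ok, detail).
    """
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "preflight-" + secrets.token_urlsafe(16)   # hypothetical probe name
    body = secrets.token_urlsafe(32)                  # random, so a stale file cannot match
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o644)  # the web server's user must be able to read it
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
            server = resp.headers.get("Server", "unknown")
        if served == body:
            return True, f"probe served correctly by {server}"
        return False, f"{server} answered 200 but with different content"
    except urllib.error.HTTPError as err:
        # Same symptom as in the thread: the name is answered by a server
        # (or vhost) whose document root is not the directory we wrote to.
        server = err.headers.get("Server", "unknown")
        return False, f"HTTP {err.code} from {server}: webroot is not what this name serves"
    except OSError as err:  # DNS failure, refused connection, timeout
        return False, f"could not fetch probe: {err}"
    finally:
        os.remove(path)  # never leave probe files behind


if __name__ == "__main__":
    import sys
    ok, detail = preflight_webroot(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Running it before each issuance attempt avoids spending failed validations against the CA's rate limit; the `Server` value in the result also shows which software actually answered for the name.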

Why are you using that?

3 Likes

It seems like Darth Vader - Wikipedia uses the dark side to get people to use that option. :laughing:

2 Likes
