All Renewal attempts failed

My letsencrypt replied it could not renew previously and needed to be updated. I updated to certbot with no issues. I DID NOT run any apache commands or any commands or anything to create new certs. I just started with renew --dry-run, which said I had a timeout error. Not sure why; I tried a couple of checks and then I came to this error.
Please help.

Thanks,

My domain is: michaelclingman.com

I ran this command: sudo certbot renew

It produced this output: Processing /etc/letsencrypt/renewal/www.michaelclingman.com.conf


Cert is due for renewal, auto-renewing…

Plugins selected: Authenticator apache, Installer apache

Renewing an existing certificate

Attempting to renew cert (www.michaelclingman.com) from /etc/letsencrypt/renewal/www.michaelclingman.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/www.michaelclingman.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/www.michaelclingman.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no i use webmin https://michaelclingman.com:10000

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Hi @LaserBoi

your configuration can't work.

Your port 80 doesn't answer ( https://check-your-website.server-daten.de/?q=michaelclingman.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://michaelclingman.com/ (92.98.168.229) | -14 (Timeout - The operation has timed out) | | 10.026 | T |
| http://www.michaelclingman.com/ (92.98.168.229) | -14 (Timeout - The operation has timed out) | | 10.026 | T |
| https://michaelclingman.com/ (92.98.168.229) | 302 | https://michaelclingman.com/login | 1.846 | A |
| https://www.michaelclingman.com/ (92.98.168.229) | 302 | https://www.michaelclingman.com/login | 1.640 | A |
| https://michaelclingman.com/login | 200 | | 1.856 | A |
| https://www.michaelclingman.com/login | 200 | | 1.603 | A |
| http://michaelclingman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (92.98.168.229) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| http://www.michaelclingman.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (92.98.168.229) | -14 (Timeout - The operation has timed out) | | 10.027 | T |

If you want to use http-01 validation, an open port 80 / http is required.

You have a lot of older certificates:

| RT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1161483968 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-01-31 11:11:25 | 2019-05-01 10:11:25 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |
| 992856971 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-12-01 11:47:27 | 2019-03-01 11:47:27 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |
| 853850462 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-09-22 09:29:27 | 2018-12-21 10:29:27 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |
| 615422673 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-07-14 03:44:59 | 2018-10-12 03:44:59 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |
| 443412041 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-05-04 12:28:20 | 2018-08-02 12:28:20 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |
| 346238078 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2018-03-03 13:04:05 | 2018-06-01 12:04:05 | michaelclingman.com, www.michaelclingman.com (2 entries) | | |

First from 2016-05-11, perhaps you have used tls-sni-01 validation (port 443). But that's no longer supported, so you have to use another validation method.

Check

Thank you, that is what I thought the issue was. So I commented out the

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

to force https. Now it responds on http.
Could you help check now what my next step is?

Thanks,

I tried again but it still times out. Is it possible that there is a permission issue for the file or folder it needs?
Sorry I am confused at how to proceed.

Thanks
M

I see only a timeout.

http://michaelclingman.com/.well-known/acme-challenge/1234
http://www.michaelclingman.com/.well-known/acme-challenge/1234

should answer.

But not only from your local machine. These urls must be visible - worldwide.

Do you have a port 80 vHost?

Yes, I see a timeout as well when I try from outside.
I do have a vHost on port 80 but it redirects to https 443, and I can't figure out how to stop it.
I am running Nextcloud from home and I mostly followed the steps online, so I am not sure if it is .htaccess doing it or mod-rewrite.

Is a router forwarding configured?

Port 80 external -> port 80 internal?

The redirect is the second step.

And such a redirect isn’t a problem, Letsencrypt follows these redirects.

Or does the ISP block port 80?

I was pretty sure it was, but let me double check.

Yes, it is open and enabled and pointed at my server.

Thank you so much for your help. I got it sorted. I put the server on the DMZ, which was recommended by Nextcloud as it is hardened. All worked fine then, so I am renewed.
Really appreciate the great support.
M
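
The reachability checks walked through in this thread (port 80 vHost, router forwarding, ISP block, redirect), as an added example that is not part of the original posts. The function name `probe_http01`, the `NEXT_CHECK` table and the default token are hypothetical; only the `/.well-known/acme-challenge/` path comes from the thread.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # path http-01 validation requests

# What to look at next for each verdict, following the checks made in this thread.
NEXT_CHECK = {
    "timeout": "packets are dropped: check router forwarding 80 -> 80, firewall, ISP block",
    "refused": "host answers but nothing listens on port 80: check the port 80 vHost",
    "redirect": "port 80 answers with a redirect: fine, Let's Encrypt follows redirects",
    "reachable": "port 80 answers: http-01 validation can reach the server",
    "error": "other network or protocol error: see detail (DNS, reset, bad response)",
}

def probe_http01(host, port=80, token="connectivity-test", timeout=10.0):
    """GET the challenge URL over plain HTTP without following redirects.

    Returns (verdict, detail). Run it from outside the server's own network,
    otherwise router forwarding and ISP filtering are not exercised.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return "redirect", resp.getheader("Location", "")
        # Any other status (even 404 for a made-up token) proves reachability.
        return "reachable", str(resp.status)
    except socket.timeout:
        return "timeout", f"no answer within {timeout} s"
    except ConnectionRefusedError:
        return "refused", f"connection refused on port {port}"
    except (OSError, http.client.HTTPException) as exc:
        return "error", str(exc)
    finally:
        conn.close()

if __name__ == "__main__":
    # Usage: python probe.py example.org www.example.org  (hostnames are placeholders)
    for name in sys.argv[1:]:
        verdict, detail = probe_http01(name)
        print(f"{name}: {verdict} ({detail}) -> {NEXT_CHECK[verdict]}")
```

A "timeout" verdict matches what the online checker reported for this domain; a "redirect" verdict means port 80 itself is reachable.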
