Archlinux | how to configur Let's encrypt

Redgard · August 2, 2017, 3:32am

cerbot --debug

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?

1: domain1.com
2: www.domain1.com
3: vps429820.ovh.net
4: universal-genesis.net
5: www.universal-genesis.net

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 5
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/www.universal-genesis.net-0001.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.universal-genesis.net
Waiting for verification...
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.16.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 743, in main
return config.func(config, plugins)
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 598, in run
certname, lineage)
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/usr/lib/python3.6/site-packages/certbot/client.py", line 335, in obtain_certificate
domains, csr, authzr=authzr)
File "/usr/lib/python3.6/site-packages/certbot/client.py", line 277, in obtain_certificate_from_csr
authzr)
File "/usr/lib/python3.6/site-packages/acme/client.py", line 313, in request_issuance
headers={'Accept': content_type})
File "/usr/lib/python3.6/site-packages/acme/client.py", line 682, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/acme/client.py", line 695, in _post_once
return self._check_response(response, content_type=content_type)
File "/usr/lib/python3.6/site-packages/acme/client.py", line 582, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: www.universal-genesis.net
Please see the logfiles in /var/log/letsencrypt for more details.

logs

2017-08-02 03:28:06,437:DEBUG:certbot.main:Arguments: ['--debug']
2017-08-02 03:28:06,437:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-08-02 03:28:06,454:DEBUG:certbot.log:Root logging level set at 20
2017-08-02 03:28:06,455:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-02 03:28:06,456:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-08-02 03:28:06,592:DEBUG:certbot_apache.configurator:Apache version is 2.4.27
2017-08-02 03:28:06,830:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x7f5d6494eb38>
Prep: True
2017-08-02 03:28:06,832:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x7f5d6494eb38> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x7f5d6494eb38>
2017-08-02 03:28:06,837:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f5d5ca08080>)>), contact=('mailto:universal.g3nesis@gmail.com',), agreement='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', status=None), uri='https://acme-v01.api.letsencrypt.org/acme/reg/19247348', new_authzr_uri='https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 0472694bd7b6eaee61322065fe4cc582, Meta(creation_dt=datetime.datetime(2017, 7, 27, 19, 20, 39, tzinfo=<UTC>), creation_host='vps429820.ovh.net'))>
2017-08-02 03:28:06,839:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-08-02 03:28:06,842:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-08-02 03:28:07,099:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352
2017-08-02 03:28:07,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: fnl6gw-wU7dsXp--s0nNB_8NKj1flfomtYLRLc0dzWs
Replay-Nonce: _IQDHeLMRQ7on2-n8aEEyHKanLhvUnx7jOM5qoeWwj4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 02 Aug 2017 03:28:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:05 GMT
Connection: keep-alive

b'{\n  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-08-02 03:28:07,101:DEBUG:certbot.util:Not suggesting name "ug"
2017-08-02 03:28:07,101:DEBUG:certbot.util:ug needs at least two labels
2017-08-02 03:28:07,101:DEBUG:certbot.util:Not suggesting name "vps429820.ovh.net:443"
2017-08-02 03:28:07,102:DEBUG:certbot.util:vps429820.ovh.net:443 contains an invalid character. Valid characters are A-Z, a-z, 0-9, ., and -.
2017-08-02 03:28:11,019:DEBUG:certbot.cert_manager:Renewal conf file /etc/letsencrypt/renewal/universal-genesis.net.conf is broken. Skipping.
2017-08-02 03:28:11,020:DEBUG:certbot.cert_manager:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/cert_manager.py", line 248, in _search_lineages
    candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
  File "/usr/lib/python3.6/site-packages/certbot/storage.py", line 412, in __init__
    self._check_symlinks()
  File "/usr/lib/python3.6/site-packages/certbot/storage.py", line 471, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/universal-genesis.net/cert.pem to be a symlink

2017-08-02 03:28:11,023:DEBUG:certbot.cert_manager:Renewal conf file /etc/letsencrypt/renewal/www.universal-genesis.net.conf is broken. Skipping.
2017-08-02 03:28:11,023:DEBUG:certbot.cert_manager:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/cert_manager.py", line 248, in _search_lineages
    candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
  File "/usr/lib/python3.6/site-packages/certbot/storage.py", line 412, in __init__
    self._check_symlinks()
  File "/usr/lib/python3.6/site-packages/certbot/storage.py", line 471, in _check_symlinks
    "expected {0} to be a symlink".format(link))
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/www.universal-genesis.net/cert.pem to be a symlink

2017-08-02 03:28:11,028:INFO:certbot.renewal:Cert not yet due for renewal
2017-08-02 03:28:15,460:INFO:certbot.main:Renewing an existing certificate
2017-08-02 03:28:15,461:DEBUG:acme.client:Requesting fresh nonce
2017-08-02 03:28:15,461:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-08-02 03:28:15,688:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-08-02 03:28:15,689:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: -hHk1_7EQhgipovVfAYLD1kMVV1YnLGccTMDd3Y-spg
Replay-Nonce: kQaUb0201AxuEpytTDaPJ8Io7F8qA6nnKHlb0HOSs-A
Expires: Wed, 02 Aug 2017 03:28:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:13 GMT
Connection: keep-alive

b''
2017-08-02 03:28:15,690:DEBUG:acme.client:Storing nonce: kQaUb0201AxuEpytTDaPJ8Io7F8qA6nnKHlb0HOSs-A
2017-08-02 03:28:15,690:DEBUG:acme.client:JWS payload:
b'{\n  "identifier": {\n    "type": "dns",\n    "value": "www.universal-genesis.net"\n  },\n  "resource": "new-authz"\n}'
2017-08-02 03:28:15,697:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIjRiWFVWTmtxdU5md05MUHlPV0pRZmo3QllrTGNYTmZmX3RhbGtlWVBKUU5ENFYwNUxpN3VIdC1jMEQ1dllvR1BEQU16MTJ4Zi1TSXh6V1hueUVnNnVXeS03WnZZUTExRndlQXFDNHFvXzBlNWJmcFZqSXhyNEI3VjlWTzZVREJFOURMOHV6cjdnQWJMOEw2UmNkU0dKVnVRQTIzQkRCUUFadGk3VWtBYml5ZW5FY2RtYm5WcmktN1VwVFZ6NnZ2djZUTTlUNmdlWGpMZW16dTVNb3JVT21fbjFlOWZZQU9SYXhNTzdMNlZOSGJVZWk2MV81RjA3dWh5SDNYb2txQlE3bHZEeFhob0RzSWtXbWhESDJUYVJuVVJBZGI0RThfSGV0M1JfNlBzVWE4U2VfRVNkLWJzQnlGSFRUck8tNmlMTlZKNWgyNWlUc1ZvX01xeHRuRlZtdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAia1FhVWIwMjAxQXh1RXB5dFREYVBKOElvN0Y4cUE2bm5LSGxiMEhPU3MtQSJ9",
  "signature": "uFb3CCARLD0bX1M-7siXZ1XKX8gHOwrYCch-uxfOUShDlDlGS62c_U4SzsGQBuGrTawCajQ5sf0GJqsTLUByd6pv-1XOfEHZaPAaMfNgTncD8mOnt8v4M-Wh6br-enwL_L99Ea0HbWExNefUd6vdGKZ_NVUlAvrAppavHv7w73u9YzVwdUpDYLFlAukL5uwVj5RQPP6j0JJO00cyWDgkCKg1WkPNS-Wpa11ThYnE2axLIGMsVN6_d9OsCBhv5wQqPMdATAD1P3wS2oLJAzURdB-3TaWyusivWiniG7rtj-grI2TMPSy-PQ6axFIe00lbmczUxvfLD8MSgcT8R9jI3Q",
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwKICAgICJ2YWx1ZSI6ICJ3d3cudW5pdmVyc2FsLWdlbmVzaXMubmV0IgogIH0sCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ"
}
2017-08-02 03:28:15,916:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1486
2017-08-02 03:28:15,917:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1486
Boulder-Request-Id: Bfxd-5s-lGVrgRl93BY-yo6GZElyedNp7aAfXKGRyL8
Boulder-Requester: 19247348
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk
Replay-Nonce: UfczZEdNJDxM6311oeUlKml1IZCVwv1vkUKo63OauAI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 02 Aug 2017 03:28:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:14 GMT
Connection: keep-alive

b'{\n  "identifier": {\n    "type": "dns",\n    "value": "www.universal-genesis.net"\n  },\n  "status": "valid",\n  "expires": "2017-08-28T20:03:28Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349191",\n      "token": "_cL7NqQCvXkOuwTygM-Ipgl1dL_IvpbcqS4muV0auHA"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192",\n      "token": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4",\n      "keyAuthorization": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.PbSgXpz-MGh5YtZYoYZtjz40kT2whzVISFb1VQepHno",\n      "validationRecord": [\n        {\n          "hostname": "www.universal-genesis.net",\n          "port": "443",\n          "addressesResolved": [\n            "51.254.117.51",\n            "2001:41d0:401:3100::7917"\n          ],\n          "addressUsed": "51.254.117.51",\n          "addressesTried": [\n            "2001:41d0:401:3100::7917"\n          ]\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349193",\n      "token": "JI9BnCilQOAGS1dare1cV8VffEkiJ9KnlKlZ7b4UMZY"\n    }\n  ],\n  "combinations": [\n    [\n      2\n    ],\n    [\n      0\n    ],\n    [\n      1\n    ]\n  ]\n}'
2017-08-02 03:28:15,917:DEBUG:acme.client:Storing nonce: UfczZEdNJDxM6311oeUlKml1IZCVwv1vkUKo63OauAI
2017-08-02 03:28:15,917:INFO:certbot.auth_handler:Performing the following challenges:
2017-08-02 03:28:15,918:INFO:certbot.auth_handler:tls-sni-01 challenge for www.universal-genesis.net
2017-08-02 03:28:16,168:DEBUG:certbot_apache.tls_sni_01:Adding Include /etc/httpd/conf/le_tls_sni_01_cert_challenge.conf to /files/etc/httpd/conf/httpd.conf
2017-08-02 03:28:16,168:DEBUG:certbot_apache.tls_sni_01:writing a config file with text:
 <IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName 85006748687a5578a162eb3baf0a119e.d22c9691024528b3332c3c3d77fef45e.acme.invalid
    UseCanonicalName on
    SSLStrictSNIVHostCheck on

    LimitRequestBody 1048576

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /var/lib/letsencrypt/hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.crt
    SSLCertificateKeyFile /var/lib/letsencrypt/hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.pem

    DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/
</VirtualHost>

</IfModule>

2017-08-02 03:28:16,203:DEBUG:certbot.reverter:Creating backup of /etc/httpd/conf/httpd.conf
2017-08-02 03:28:19,348:INFO:certbot.auth_handler:Waiting for verification...
2017-08-02 03:28:19,349:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "keyAuthorization": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.PbSgXpz-MGh5YtZYoYZtjz40kT2whzVISFb1VQepHno",\n  "type": "tls-sni-01"\n}'
2017-08-02 03:28:19,352:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIjRiWFVWTmtxdU5md05MUHlPV0pRZmo3QllrTGNYTmZmX3RhbGtlWVBKUU5ENFYwNUxpN3VIdC1jMEQ1dllvR1BEQU16MTJ4Zi1TSXh6V1hueUVnNnVXeS03WnZZUTExRndlQXFDNHFvXzBlNWJmcFZqSXhyNEI3VjlWTzZVREJFOURMOHV6cjdnQWJMOEw2UmNkU0dKVnVRQTIzQkRCUUFadGk3VWtBYml5ZW5FY2RtYm5WcmktN1VwVFZ6NnZ2djZUTTlUNmdlWGpMZW16dTVNb3JVT21fbjFlOWZZQU9SYXhNTzdMNlZOSGJVZWk2MV81RjA3dWh5SDNYb2txQlE3bHZEeFhob0RzSWtXbWhESDJUYVJuVVJBZGI0RThfSGV0M1JfNlBzVWE4U2VfRVNkLWJzQnlGSFRUck8tNmlMTlZKNWgyNWlUc1ZvX01xeHRuRlZtdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiVWZjelpFZE5KRHhNNjMxMW9lVWxLbWwxSVpDVnd2MXZrVUtvNjNPYXVBSSJ9",
  "signature": "yLRtNVoTFb6pv1x07iNyWGQ7c9e4H0dw65uGJHUikVE5IrEFSv_xDZ7woz9eV7yoMwinLBSwXLRfK0tU5RqHZdeRfCBsROXIRtr51eXc3P1wFyEJXowB-TlS6w3qnAaVQYpoyI5ZSbv334RShDeJVwWTpwBrxam9OUWvhVCmDqd1bt3_ZQnGoYBBTVNP5KsdhqCNLhuXtEw5Lq53pnZljEhOIml-Bj-yT99yqsVWaJkB9mzoZpO1rtctB7hSbI6q5GoamYS3h3CYPI5taDL8FBnA96i3lTvmH9WegY-XaLCGg2rfvvFPouLwm9qbrpwxHSDYyJ7i66YGt-jZkBCX3Q",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJrZXlBdXRob3JpemF0aW9uIjogImhVbkE2R2FLb09lSXE1QTFFWnhFd2NLNlNoS0ItNHo3V3lqZ3pObUlJcjQuUGJTZ1hwei1NR2g1WXRaWW9ZWnRqejQwa1Qyd2h6VklTRmIxVlFlcEhubyIsCiAgInR5cGUiOiAidGxzLXNuaS0wMSIKfQ"
}
2017-08-02 03:28:19,598:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192 HTTP/1.1" 202 651
2017-08-02 03:28:19,599:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 651
Boulder-Request-Id: u8UC0zZN8xuJzW-fK8uIXx4w5DX5VvMFlkXk84Ndxu4
Boulder-Requester: 19247348
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192
Replay-Nonce: FYM6u-b7Jey5IyuQXl-r4xo_UWjcPnoqcr93djZ8OK0
Expires: Wed, 02 Aug 2017 03:28:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:17 GMT
Connection: keep-alive

b'{\n  "type": "tls-sni-01",\n  "status": "valid",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192",\n  "token": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4",\n  "keyAuthorization": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.PbSgXpz-MGh5YtZYoYZtjz40kT2whzVISFb1VQepHno",\n  "validationRecord": [\n    {\n      "hostname": "www.universal-genesis.net",\n      "port": "443",\n      "addressesResolved": [\n        "51.254.117.51",\n        "2001:41d0:401:3100::7917"\n      ],\n      "addressUsed": "51.254.117.51",\n      "addressesTried": [\n        "2001:41d0:401:3100::7917"\n      ]\n    }\n  ]\n}'
2017-08-02 03:28:19,599:DEBUG:acme.client:Storing nonce: FYM6u-b7Jey5IyuQXl-r4xo_UWjcPnoqcr93djZ8OK0
2017-08-02 03:28:22,603:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk.
2017-08-02 03:28:22,794:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk HTTP/1.1" 200 1486
2017-08-02 03:28:22,795:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1486
Boulder-Request-Id: r5GDj9oaWfFOmmdOPsmJmyg6XRcO01VOZ4YAf8i2FnU
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: XJ7yE4KcP6K8QCGAErYB5xJKYpQkw9-EvH6DQ5aSY3A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 02 Aug 2017 03:28:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:21 GMT
Connection: keep-alive

b'{\n  "identifier": {\n    "type": "dns",\n    "value": "www.universal-genesis.net"\n  },\n  "status": "valid",\n  "expires": "2017-08-28T20:03:28Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349191",\n      "token": "_cL7NqQCvXkOuwTygM-Ipgl1dL_IvpbcqS4muV0auHA"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "valid",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349192",\n      "token": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4",\n      "keyAuthorization": "hUnA6GaKoOeIq5A1EZxEwcK6ShKB-4z7WyjgzNmIIr4.PbSgXpz-MGh5YtZYoYZtjz40kT2whzVISFb1VQepHno",\n      "validationRecord": [\n        {\n          "hostname": "www.universal-genesis.net",\n          "port": "443",\n          "addressesResolved": [\n            "51.254.117.51",\n            "2001:41d0:401:3100::7917"\n          ],\n          "addressUsed": "51.254.117.51",\n          "addressesTried": [\n            "2001:41d0:401:3100::7917"\n          ]\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Kfj62wzqaFcpM2LBzky_LM5wKf232PnBpQwDj8w2mMk/1642349193",\n      "token": "JI9BnCilQOAGS1dare1cV8VffEkiJ9KnlKlZ7b4UMZY"\n    }\n  ],\n  "combinations": [\n    [\n      2\n    ],\n    [\n      0\n    ],\n    [\n      1\n    ]\n  ]\n}'
2017-08-02 03:28:22,797:INFO:certbot.auth_handler:Cleaning up challenges
2017-08-02 03:28:23,196:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
2017-08-02 03:28:23,198:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
2017-08-02 03:28:23,198:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/0009_csr-certbot.pem', data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICfDCCAWQCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQm\nj55AU/q+8jU3DxQ5REShn++NQCji8Kj90UeY7xEjhLfZsDe/SKRR91TxJmqJGVvD\nwN6iisqND0v0g5aYmULxxugelatHeD5S2Io/ZBypsLMix79itzDrA++s8UHNcm0Q\nonAut1PuHHiqT9x+ZnaxJs/7qTP5avGbDdcbBfjWiv4d1ohU1xB64lFHvBFbp0wu\nzzTPPpQyT5ZAdlPPdIi/AfX9w1PA5vruBqzgfXG9YpGQOe0slcJBhEQCkRpDa/wc\nLZIk/mv8Z8n0drPLb5V0tQ45my/BfwIlgCv2ADn6xKaCW47Fmp3dY+YM5zlBpUJ/\nvM34zFESrRqO6agK7H8CAwEAAaA3MDUGCSqGSIb3DQEJDjEoMCYwJAYDVR0RBB0w\nG4IZd3d3LnVuaXZlcnNhbC1nZW5lc2lzLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEA\nhMK0vq7mAH+4KLuf9dDljCLoSwkVxlkaSFXY70BXWf2K/QGX9aNbIrkOdZ82j79R\n1HKFxlwIzYhjvBwBswvDxlMTXZaTIHY4eBJnEdJzjheZjE5LpUefFRHKj5wAK3mi\nhIXxFOWsesEZuXNvKlbuFMHY1ootDX37+69/Db2ddHoP8jSYSjG1LIE1Eq50KpHl\n2nwnn5tSTFbzBQ/2X03U3URDbqzJljj0wv3sD1LMvWZEkbxcIqYm1HdeMdV9I+9k\nZ5lc+S92cf07i+GkeoLdBNr5ErzagnsehoN6zfJQlB5wUdtsMPkcqHtzhztw4rFU\n9RbGAz3yfFgjj29LX0W1BA==\n-----END CERTIFICATE REQUEST-----\n', form='pem'), domains: ['www.universal-genesis.net']
2017-08-02 03:28:23,199:DEBUG:acme.client:Requesting issuance...
2017-08-02 03:28:23,199:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "new-cert",\n  "csr": "MIICfDCCAWQCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALQmj55AU_q-8jU3DxQ5REShn--NQCji8Kj90UeY7xEjhLfZsDe_SKRR91TxJmqJGVvDwN6iisqND0v0g5aYmULxxugelatHeD5S2Io_ZBypsLMix79itzDrA--s8UHNcm0QonAut1PuHHiqT9x-ZnaxJs_7qTP5avGbDdcbBfjWiv4d1ohU1xB64lFHvBFbp0wuzzTPPpQyT5ZAdlPPdIi_AfX9w1PA5vruBqzgfXG9YpGQOe0slcJBhEQCkRpDa_wcLZIk_mv8Z8n0drPLb5V0tQ45my_BfwIlgCv2ADn6xKaCW47Fmp3dY-YM5zlBpUJ_vM34zFESrRqO6agK7H8CAwEAAaA3MDUGCSqGSIb3DQEJDjEoMCYwJAYDVR0RBB0wG4IZd3d3LnVuaXZlcnNhbC1nZW5lc2lzLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAhMK0vq7mAH-4KLuf9dDljCLoSwkVxlkaSFXY70BXWf2K_QGX9aNbIrkOdZ82j79R1HKFxlwIzYhjvBwBswvDxlMTXZaTIHY4eBJnEdJzjheZjE5LpUefFRHKj5wAK3mihIXxFOWsesEZuXNvKlbuFMHY1ootDX37-69_Db2ddHoP8jSYSjG1LIE1Eq50KpHl2nwnn5tSTFbzBQ_2X03U3URDbqzJljj0wv3sD1LMvWZEkbxcIqYm1HdeMdV9I-9kZ5lc-S92cf07i-GkeoLdBNr5ErzagnsehoN6zfJQlB5wUdtsMPkcqHtzhztw4rFU9RbGAz3yfFgjj29LX0W1BA"\n}'
2017-08-02 03:28:23,202:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-cert:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIjRiWFVWTmtxdU5md05MUHlPV0pRZmo3QllrTGNYTmZmX3RhbGtlWVBKUU5ENFYwNUxpN3VIdC1jMEQ1dllvR1BEQU16MTJ4Zi1TSXh6V1hueUVnNnVXeS03WnZZUTExRndlQXFDNHFvXzBlNWJmcFZqSXhyNEI3VjlWTzZVREJFOURMOHV6cjdnQWJMOEw2UmNkU0dKVnVRQTIzQkRCUUFadGk3VWtBYml5ZW5FY2RtYm5WcmktN1VwVFZ6NnZ2djZUTTlUNmdlWGpMZW16dTVNb3JVT21fbjFlOWZZQU9SYXhNTzdMNlZOSGJVZWk2MV81RjA3dWh5SDNYb2txQlE3bHZEeFhob0RzSWtXbWhESDJUYVJuVVJBZGI0RThfSGV0M1JfNlBzVWE4U2VfRVNkLWJzQnlGSFRUck8tNmlMTlZKNWgyNWlUc1ZvX01xeHRuRlZtdyIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiRllNNnUtYjdKZXk1SXl1UVhsLXI0eG9fVVdqY1Bub3FjcjkzZGpaOE9LMCJ9",
  "signature": "4Iq39Gec1XZG8xRaJK67j9VVqOhHb8M4N_JEqVHJlL1Cnqs131JUNuyeYcb29BP9jOg7qUE2hcH-DTf3m1tJuWhuDBVBIBo9p_8FZF338m8TZziNskKb1c6mzexmALabKc7M59VWrUY2s-weXyaMsaSIMiAXUvocgf24ZTOZaNJLxTWqGC7Z_SN3bdct4-ett4PCqDEy2RqOkJ-EbJ2TnfUvB3zCULd7ECHX7gcn0R_z9yj6girdhcjJF99dcVmaBki8fxGuQNXnyI9eT91lQ_00ZNCS9D5cX-xhCgXFmMIJZUMJDDxUQ740siwZ9VZH7YyHLSuNUOnbvQtuPyL1pw",
  "payload": "ewogICJyZXNvdXJjZSI6ICJuZXctY2VydCIsCiAgImNzciI6ICJNSUlDZkRDQ0FXUUNBUUl3QURDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFFtajU1QVVfcS04alUzRHhRNVJFU2huLS1OUUNqaThLajkwVWVZN3hFamhMZlpzRGVfU0tSUjkxVHhKbXFKR1Z2RHdONmlpc3FORDB2MGc1YVltVUx4eHVnZWxhdEhlRDVTMklvX1pCeXBzTE1peDc5aXR6RHJBLS1zOFVITmNtMFFvbkF1dDFQdUhIaXFUOXgtWm5heEpzXzdxVFA1YXZHYkRkY2JCZmpXaXY0ZDFvaFUxeEI2NGxGSHZCRmJwMHd1enpUUFBwUXlUNVpBZGxQUGRJaV9BZlg5dzFQQTV2cnVCcXpnZlhHOVlwR1FPZTBzbGNKQmhFUUNrUnBEYV93Y0xaSWtfbXY4WjhuMGRyUExiNVYwdFE0NW15X0Jmd0lsZ0N2MkFEbjZ4S2FDVzQ3Rm1wM2RZLVlNNXpsQnBVSl92TTM0ekZFU3JScU82YWdLN0g4Q0F3RUFBYUEzTURVR0NTcUdTSWIzRFFFSkRqRW9NQ1l3SkFZRFZSMFJCQjB3RzRJWmQzZDNMblZ1YVhabGNuTmhiQzFuWlc1bGMybHpMbTVsZERBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWhNSzB2cTdtQUgtNEtMdWY5ZERsakNMb1N3a1Z4bGthU0ZYWTcwQlhXZjJLX1FHWDlhTmJJcmtPZFo4Mmo3OVIxSEtGeGx3SXpZaGp2QndCc3d2RHhsTVRYWmFUSUhZNGVCSm5FZEp6amhlWmpFNUxwVWVmRlJIS2o1d0FLM21paElYeEZPV3Nlc0VadVhOdktsYnVGTUhZMW9vdERYMzctNjlfRGIyZGRIb1A4alNZU2pHMUxJRTFFcTUwS3BIbDJud25uNXRTVEZiekJRXzJYMDNVM1VSRGJxekpsamowd3Yzc0QxTE12V1pFa2J4Y0lxWW0xSGRlTWRWOUktOWtaNWxjLVM5MmNmMDdpLUdrZW9MZEJOcjVFcnphZ25zZWhvTjZ6ZkpRbEI1d1VkdHNNUGtjcUh0emh6dHc0ckZVOVJiR0F6M3lmRmdqajI5TFgwVzFCQSIKfQ"
}
2017-08-02 03:28:23,401:DEBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-cert HTTP/1.1" 429 190
2017-08-02 03:28:23,403:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Content-Type: application/problem+json
Content-Length: 190
Boulder-Request-Id: qC3SNt5sk-SVAf1Q8y_4LhWCOkOSV9-M4-lSVE1az3c
Boulder-Requester: 19247348
Replay-Nonce: ZrQ2FsRHdFxAb8rqOxuK8JOS1ZZN8sHylWszc2tIzTg
Expires: Wed, 02 Aug 2017 03:28:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 02 Aug 2017 03:28:21 GMT
Connection: close

b'{\n  "type": "urn:acme:error:rateLimited",\n  "detail": "Error creating new cert :: too many certificates already issued for exact set of domains: www.universal-genesis.net",\n  "status": 429\n}'
2017-08-02 03:28:23,403:DEBUG:acme.client:Storing nonce: ZrQ2FsRHdFxAb8rqOxuK8JOS1ZZN8sHylWszc2tIzTg
2017-08-02 03:28:23,404:ERROR:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.16.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 598, in run
    certname, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 77, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 297, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python3.6/site-packages/certbot/client.py", line 335, in obtain_certificate
    domains, csr, authzr=authzr)
  File "/usr/lib/python3.6/site-packages/certbot/client.py", line 277, in obtain_certificate_from_csr
    authzr)
  File "/usr/lib/python3.6/site-packages/acme/client.py", line 313, in request_issuance
    headers={'Accept': content_type})
  File "/usr/lib/python3.6/site-packages/acme/client.py", line 682, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/acme/client.py", line 695, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/usr/lib/python3.6/site-packages/acme/client.py", line 582, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: www.universal-genesis.net

Topic		Replies	Views
Unable to set ssl Help	84	4522	February 17, 2021
Trying to install certbot I broke Apache Help	60	1440	April 23, 2024
Oracle Linux 7.7/apache/certbot installation (URGENT HELP)) Help	19	2222	January 26, 2020
How to (re)create cert - I just have standard Apache vhost config files for port 80, 443 Help	28	256	April 24, 2025
Certbot error instead of ssl Help	8	867	December 22, 2020

Archlinux | how to configur Let's encrypt

Which names would you like to activate HTTPS for?

1: domain1.com
2: www.domain1.com
3: vps429820.ovh.net
4: universal-genesis.net
5: www.universal-genesis.net

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

logs

Archlinux | how to configur Let's encrypt

Which names would you like to activate HTTPS for?

1: domain1.com 2: www.domain1.com 3: vps429820.ovh.net 4: universal-genesis.net 5: www.universal-genesis.net

What would you like to do?

1: Attempt to reinstall this existing certificate 2: Renew & replace the cert (limit ~5 per 7 days)

logs

Related topics

1: domain1.com
2: www.domain1.com
3: vps429820.ovh.net
4: universal-genesis.net
5: www.universal-genesis.net

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)