Can we obtain the new ssl certificate from same domain again


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: welldoneindia.co.in

I ran this command:
sudo certbot --apache -d welldoneindia.co.in -d www.welldoneindia.co.in -d app.welldoneindia.co.in

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for app.welldoneindia.co.in
http-01 challenge for welldoneindia.co.in
http-01 challenge for www.welldoneindia.co.in
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.welldoneindia.co.in (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.welldoneindia.co.in/.well-known/acme-challenge/imZPGYLGvvrFWdQKS_-Oaw5DBpcjbCthVhUMXMNON2M: Timeout during connect (likely firewall problem), welldoneindia.co.in (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://welldoneindia.co.in/.well-known/acme-challenge/VHXMtX5yQA68J7Lq98rIA26M3Ywh9NwA5j9pFr6AjGs: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
AWS EC2 cloud computing

I can log in to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#2

Hi @lalit

You can create a new certificate, max. 5 certificates / week with the same set of domain names.

But there

https://crt.sh/?id=1140072156

is already a certificate with these three domain names, created yesterday.

And your setting is curious:

Because now /.well-known/acme-challenge is open ( https://check-your-website.server-daten.de/?q=welldoneindia.co.in ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://welldoneindia.co.in/ (35.154.101.44) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| http://www.welldoneindia.co.in/ (35.154.101.44) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| https://welldoneindia.co.in/ (35.154.101.44) | -14 (Timeout - The operation has timed out) | | 10.027 | T |
| https://www.welldoneindia.co.in/ (35.154.101.44) | -14 (Timeout - The operation has timed out) | | 10.026 | T |
| http://welldoneindia.co.in/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (35.154.101.44) | 404 (Not Found) | | 9.256 | A |
| http://www.welldoneindia.co.in/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (35.154.101.44) | 404 (Not Found) | | 0.256 | A |

The standard urls have a timeout - but the critical /.well-known/acme-challenge answers with a good http status 404 - not found. That’s ok, because the file is unknown.

And if /.well-known/acme-challenge answers correctly, you should be able to create a new certificate.

But first use

certbot certificates

to see your certificate.
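
The check described in the reply above (a 404 on an unknown challenge token is a good sign, a timeout points to a firewall) can be scripted as a preflight before asking the CA to validate. This is an added example, not part of the original post or of Certbot; the function names and verdict labels are hypothetical. It assumes it is run from a machine outside the server's network, so that the firewall or security group is actually on the path.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe(host, port=80, timeout=5.0, token="preflight-unknown-token"):
    """GET the challenge path for a token that does not exist; return (verdict, detail)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        status = conn.getresponse().status
    except socket.timeout:
        # Packets dropped silently: the "Timeout during connect (likely firewall problem)" case.
        return ("blocked", "timeout; check the firewall / security group inbound rule")
    except ConnectionRefusedError:
        return ("no-listener", "port is reachable but nothing is listening on it")
    except (OSError, http.client.HTTPException) as exc:  # DNS failure, reset, bad reply
        return ("error", str(exc))
    finally:
        conn.close()
    if status == 404:
        # Expected for an unknown token: the request reached the web server.
        return ("reachable", "404 for unknown token")
    return ("check", "HTTP %d; confirm redirects or auth do not cover this path" % status)

def failing_hosts(results):
    """One failed name fails the whole order, so list every name that is not 'reachable'."""
    return sorted(h for h, (verdict, _) in results.items() if verdict != "reachable")

if __name__ == "__main__":
    # Usage: python preflight.py name1 name2 ...  (every -d name of the planned request)
    results = {h: probe(h) for h in sys.argv[1:]}
    for h, (verdict, detail) in results.items():
        print(h, verdict, detail)
    sys.exit(1 if failing_hosts(results) else 0)
```

A non-zero exit means at least one name would fail validation, so the request is better held back than spent against the failed-authorization limit.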


#3

@JuergenAuer
DAMN! Now I am getting the new error message from Let's Encrypt

An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

Is there any possible way to make it work now?


#4

Wait one hour.

Or use the test system by adding --dry-run. That has its own limits.

But don’t install the test certificate.


#5

After an hour, it will work, if I didn’t use the test certificate @JuergenAuer


#6

I just see I haven’t enabled the HTTP port in the inbound section of AWS, that’s why Let’s Encrypt is not able to reach it

Did you mean I can get 5 certificates from Let’s Encrypt for app.welldoneindia.co.in, or in total for welldoneindia.co.in including subdomains as well?

@JuergenAuer


#7

This

www.welldoneindia.co.in
welldoneindia.co.in
app.welldoneindia.co.in

is a set of domain names -> five identical per week.

But there is a second limit - 50 certificates per week per domain.
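
The two limits in the reply above count different things: the first compares whole name sets, the second counts every certificate under the registered domain. The following is an added example, not part of the original post and not Let's Encrypt's own code, that works out what is left under each. It assumes "per week" means a sliding 7-day window and that the caller supplies the registered domain; the issuance history and dates are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)   # assumption: "per week" is a sliding 7-day window
DUPLICATE_LIMIT = 5          # identical name sets per week (figure from the thread)
PER_DOMAIN_LIMIT = 50        # certificates per domain per week (figure from the thread)

def name_set(names):
    """Order, letter case and a trailing dot do not change which set of names this is."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def covers(names, registered_domain):
    """True if any name is the registered domain itself or one of its subdomains."""
    d = registered_domain.lower()
    return any(n == d or n.endswith("." + d) for n in name_set(names))

def budget(issued, wanted, registered_domain, now):
    """issued: iterable of (issued_at, names). Returns what is left under both limits."""
    recent = [(t, n) for t, n in issued if now - WINDOW < t <= now]
    dups = sorted(t for t, n in recent if name_set(n) == name_set(wanted))
    per_domain = sum(1 for _, n in recent if covers(n, registered_domain))
    at_dup_limit = len(dups) >= DUPLICATE_LIMIT
    return {
        "duplicates_left": max(0, DUPLICATE_LIMIT - len(dups)),
        "domain_left": max(0, PER_DOMAIN_LIMIT - per_domain),
        # At the duplicate limit, a slot frees when the oldest counted duplicate ages out.
        "duplicate_slot_free_at": dups[-DUPLICATE_LIMIT] + WINDOW if at_dup_limit else None,
        "can_issue": not at_dup_limit and per_domain < PER_DOMAIN_LIMIT,
    }

# Constructed history: the names are the thread's, the dates are made up.
NOW = datetime(2019, 1, 25, 12, 0)
WANTED = ["welldoneindia.co.in", "www.welldoneindia.co.in", "app.welldoneindia.co.in"]
HISTORY = [
    # Same set in another order and case: counts as a duplicate.
    (NOW - timedelta(days=1), ["WWW.welldoneindia.co.in", "app.welldoneindia.co.in", "welldoneindia.co.in"]),
    # Different set: counts only against the per-domain limit.
    (NOW - timedelta(days=2), ["app.welldoneindia.co.in"]),
    # Older than the window: counts against nothing.
    (NOW - timedelta(days=9), WANTED),
    # Unrelated domain: ignored.
    (NOW - timedelta(days=1), ["example.org"]),
]

if __name__ == "__main__":
    print(budget(HISTORY, WANTED, "welldoneindia.co.in", NOW))
```

The failed-authorization limit that post #3 ran into is a separate counter and is not modelled here.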


#8

Thanks @JuergenAuer
Info was helpful, 5 stars, bit late

50 certificates is enough, I have to make it work once and after that make it renew the same after 3 months


#9

Renew it before 3 months (or it will be expired).

ACME clients should check to renew often (up to twice a day - every day).
And once it is close to expiring, it should start trying to renew (30 days before it expires).

