I created certificates the same way one month ago, and it worked fine.
First I get 404 errors like the ones below.
Then I re-established my HTTP virtual host and I get the error in the title.
I retried with --test-cert: same 404 error, although my site is accessible.
[Edit: I found the 404 issue; my virtual host was not pointing to /var/www/html/gencert.
But what about the too many invalid …?]
My domain is: catalog.edenred-qa.be
I ran this command:
sudo certbot certonly -n --webroot -d catalog.edenred-qa.be -w /var/www/html/gencert --cert-path /etc/letsencrypt/live/catalog.edenred-qa.be/ --key-path /etc/letsencrypt/live/catalog.edenred-qa.be
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for catalog.edenred-qa.be
Using the webroot path /var/www/html/gencert for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. catalog.edenred-qa.be (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://catalog.edenred-qa.be/.well-known/acme-challenge/K8ejk8QWVwOZAJBSD46MVSyxP7BQnWDQwJxinh2dlFA: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: catalog.edenred-qa.be
Type: unauthorized
Detail: Invalid response from
http://catalog.edenred-qa.be/.well-known/acme-challenge/K8ejk8QWVwOZAJBSD46MVSyxP7BQnWDQwJxinh2dlFA:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Now it gives:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
Please see the logfiles in /var/log/letsencrypt for more details.
My operating system is (include version): Debian 8.5
My web server is (include version): Apache 2.4
I can log in to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
cat /var/log/letsencrypt/letsencrypt.log
2017-05-10 09:14:55,158:DEBUG:certbot.main:Root logging level set at 20
2017-05-10 09:14:55,159:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-05-10 09:14:55,160:DEBUG:certbot.main:certbot version: 0.9.3
2017-05-10 09:14:55,160:DEBUG:certbot.main:Arguments: ['-n', '--webroot', '-d', 'catalog.edenred-qa.be', '-w', '/var/www/html/gencert', '--cert-path', '/etc/letsencrypt/live/catalog.edenred-qa.be/', '--key-path', '/etc/letsencrypt/live/catalog.edenred-qa.be']
2017-05-10 09:14:55,161:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-05-10 09:14:55,161:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-05-10 09:14:55,164:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7ff01ff932d0>
Prep: True
2017-05-10 09:14:55,165:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7ff01ff932d0> and installer None
2017-05-10 09:14:55,185:DEBUG:certbot.main:Picked account: <Account(346345a7ff0e02e171ef1f424f515311)>
2017-05-10 09:14:55,187:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-05-10 09:14:55,189:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-05-10 09:14:55,520:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-05-10 09:14:55,521:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '352', 'expires': 'Wed, 10 May 2017 09:06:33 GMT', 'boulder-request-id': 'IW-EZ9FeCtrtLCUTqK8I2atXAfxBnKSjXexW0igM3dY', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Wed, 10 May 2017 09:06:33 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': 'l59MRx3QK9a81lTinBG6M0wp06SwcT_RlUScQg-mPeg'}. Content: '{\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-05-10 09:14:55,521:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '352', 'expires': 'Wed, 10 May 2017 09:06:33 GMT', 'boulder-request-id': 'IW-EZ9FeCtrtLCUTqK8I2atXAfxBnKSjXexW0igM3dY', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Wed, 10 May 2017 09:06:33 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': 'l59MRx3QK9a81lTinBG6M0wp06SwcT_RlUScQg-mPeg'}): '{\n "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-05-10 09:14:55,529:INFO:certbot.main:Obtaining a new certificate
2017-05-10 09:14:55,529:DEBUG:root:Requesting fresh nonce
2017-05-10 09:14:55,529:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2017-05-10 09:14:55,737:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-05-10 09:14:55,738:DEBUG:root:Received <Response [405]>. Headers: {'content-length': '91', 'pragma': 'no-cache', 'boulder-request-id': 'dzcb1q1vcdNsr_RkcxgeUaz7Q2KRSuYhJjSxfEv1jyw', 'expires': 'Wed, 10 May 2017 09:06:34 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'allow': 'POST', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Wed, 10 May 2017 09:06:34 GMT', 'content-type': 'application/problem+json', 'replay-nonce': 'zENiJLkj5bJfVqEp2itSY52hQQE_2H81C-xQDkYTWPM'}. Content: ''
2017-05-10 09:14:55,739:DEBUG:acme.client:Storing nonce: '\xccCb$\xb9#\xe5\xb2_V\xa1)\xda+Rc\x9d\xa1A\x01?\xd8\x7f5\x0b\xecP\x0eF\x13X\xf3'
2017-05-10 09:14:55,741:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
2017-05-10 09:14:55,741:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "catalog.edenred-qa.be"}, "resource": "new-authz"}
2017-05-10 09:14:55,743:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-05-10 09:14:55,748:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-05-10 09:14:55,749:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wY0sa4a85gvdbsOcvY2ngi20-ngetbJs6qTxFEtomXkxSKjULNCt12Vpnj8bw7jX0FnXBBbwOI-Bkwanq_dS5Awy3-Ywr7MYDotK0Jr6dvYBcxqAsp5VwwuTmWmOLzpMLAAeuVUkdfxGoflRDvy7dIMmr8xLuH8NPZxV1PB1uwG-_u1X5Txnq6gaKlOIQcB-tpTS1IDP_-GzYwoOSqIFTZXnxRj-ItaPkXmwQL4NZvIlrg1LuakLUXES_uCImUpMYoIjefLSV3Cz0t0gR4qrVT_fN7TQ2m7-IN6VrdZXnm9H5pJ_wx9gM1r-MloJxOJ6qpgq4vWdUb_dbt2tfc-F9Q"}}, "protected": "eyJub25jZSI6ICJ6RU5pSkxrajViSmZWcUVwMml0U1k1MmhRUUVfMkg4MUMteFFEa1lUV1BNIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJjYXRhbG9nLmVkZW5yZWQtcWEuYmUifSwgInJlc291cmNlIjogIm5ldy1hdXRoeiJ9", "signature": "JlgRiKOBIPyQkE4ZAGNtdluu-sub9auBRU4Y2pXpKhszy6zrit7r6OMd9X3sfVR8Yqo4EHp1nht1XiDtEr7jimCSaNT3Dx87luSyW4tlSmrAFD0APHeKGFj44Wf44xRh_kNj8JiQE2LpgBLMvNjSsHRiLPBi9wdYtP6KtzP-aWOdnbaliAKKrx9tyVHT7ZMNaOx8wVIOTN3P5zkDqag1cEXIL1xhLR9-2aJ1zf9Zq8oVPMmHYrhiRk7PmUB210SisQbp5Mg_fpi4UW76p0BXrMskGZqif7e8RGYAip7_r3Zpk9bEnmMT2gHtIOogvfTuj23y8twsjjhIW2gWgkPVKg"}'}
2017-05-10 09:14:55,989:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 429 144
2017-05-10 09:14:55,992:DEBUG:root:Received <Response [429]>. Headers: {'content-length': '144', 'boulder-request-id': 'fJJtGm2Zh-MC19y9aZHo_9bspu8zb9OjKg4x89LY7OA', 'expires': 'Wed, 10 May 2017 09:06:34 GMT', 'server': 'nginx', 'cache-control': 'max-age=0, no-cache, no-store', 'connection': 'close', 'pragma': 'no-cache', 'boulder-requester': '8510608', 'date': 'Wed, 10 May 2017 09:06:34 GMT', 'content-type': 'application/problem+json', 'replay-nonce': '-CipAh0SfoH2nZsnS5JlveGbTR0QsgslEbB4yySKsZI'}. Content: '{\n "type": "urn:acme:error:rateLimited",\n "detail": "Error creating new authz :: Too many invalid authorizations recently.",\n "status": 429\n}'
2017-05-10 09:14:55,993:DEBUG:acme.client:Storing nonce: "\xf8(\xa9\x02\x1d\x12~\x81\xf6\x9d\x9b'K\x92e\xbd\xe1\x9bM\x1d\x10\xb2\x0b%\x11\xb0x\xcb$\x8a\xb1\x92"
2017-05-10 09:14:55,993:DEBUG:acme.client:Received response <Response [429]> (headers: {'content-length': '144', 'boulder-request-id': 'fJJtGm2Zh-MC19y9aZHo_9bspu8zb9OjKg4x89LY7OA', 'expires': 'Wed, 10 May 2017 09:06:34 GMT', 'server': 'nginx', 'cache-control': 'max-age=0, no-cache, no-store', 'connection': 'close', 'pragma': 'no-cache', 'boulder-requester': '8510608', 'date': 'Wed, 10 May 2017 09:06:34 GMT', 'content-type': 'application/problem+json', 'replay-nonce': '-CipAh0SfoH2nZsnS5JlveGbTR0QsgslEbB4yySKsZI'}): '{\n "type": "urn:acme:error:rateLimited",\n "detail": "Error creating new authz :: Too many invalid authorizations recently.",\n "status": 429\n}'
2017-05-10 09:14:55,996:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in <module>
load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 776, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 563, in obtain_cert
action, _ = _auth_from_domains(le_client, config, domains, lineage)
File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 100, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 281, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 253, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 68, in get_authorizations
domain, self.account.regr.new_authzr_uri)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 210, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 190, in request_challenges
new_authz)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 649, in post
return self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/dist-packages/acme/client.py", line 565, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
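The 404 in this thread came from the virtual host not serving the directory passed to `-w`, and the failed http-01 validations are what led to the "too many invalid authorizations" response. As an added example (not part of the original post and not certbot's own code), the shell function below round-trips a probe file through the webroot over HTTP so the mismatch is caught locally before certbot contacts the CA. The names `preflight_webroot` and `FETCH` are made up for this example.

```shell
#!/bin/sh
# Added example: confirm the web server really serves the certbot --webroot
# directory before asking the CA to validate, so a wrong DocumentRoot shows up
# locally instead of as a failed authorization.

# FETCH is an assumption of this example: the command used to GET a URL.
# It is overridable so the check can be exercised without network access.
FETCH="${FETCH:-curl -fsS --max-time 10}"

# preflight_webroot DOMAIN WEBROOT
# Returns 0 if http://DOMAIN/.well-known/acme-challenge/<probe> returns the
# exact bytes written under WEBROOT, 1 otherwise (404, wrong vhost, rewrite).
preflight_webroot() {
    domain=$1
    webroot=$2
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    token="probe-$$-$(date +%s)"

    # Same location the webroot plugin writes its challenge files to.
    mkdir -p "$dir" || return 1
    printf '%s' "$token" > "$dir/$name" || return 1

    # Fetch the probe the way the validation server would: plain HTTP.
    body=$($FETCH "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null)
    rc=$?
    rm -f "$dir/$name"

    # An error page with status 200 must not pass, so compare the body too.
    [ "$rc" -eq 0 ] && [ "$body" = "$token" ]
}

# Usage (not run here): only call certbot when the probe round-trips.
#   preflight_webroot catalog.edenred-qa.be /var/www/html/gencert \
#     && certbot certonly -n --webroot -d catalog.edenred-qa.be \
#          -w /var/www/html/gencert
```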