Please fill out the fields below so we can help you better.
My domain is: wheisenberg.com
I ran this command: ./certbot-auto certonly -d wheisenberg.com
It produced this output:How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wheisenberg.com
1: Enter a new webroot
Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for wheisenberg.com: (Enter ‘c’ to cancel):/opt/bitnami/apps/wordpress/htdocs
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: wheisenberg.com
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 3.13.0-100-generic
My hosting provider, if applicable, is: Amazon Web Services
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I was able to successfully renew this domain several times. Now I guess I’ve done it too many times. But every time I got to the domain itself, my browser says it’s insecure. I have restarted apache several times. Rebooted the server. Cleared the cache in 3 separate browsers and it still comes up that the certificate is expired.
I remember there was a tutorial somewhere for Bitnami that recommended copying the certificates from
/etc/letsencrypt/ to somewhere else. Perhaps you followed that?
If so, what it didn’t mention was that if you copy the certificates, you need to copy them again after each renewal, before you restart Apache.
A better approach is to edit the Apache configuration files to read the certificates directly from
/etc/letsencrypt/live/, where the symbolic links will be automatically updated by the renewal process.
Yes, several times
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
145830368 wheisenberg.com 2017-May-29 19:04 CEST 2017-Aug-27 19:04 CEST 89 days wheisenberg.com
145809315 wheisenberg.com 2017-May-29 18:40 CEST 2017-Aug-27 18:40 CEST 89 days wheisenberg.com
145808673 wheisenberg.com 2017-May-29 18:37 CEST 2017-Aug-27 18:37 CEST 89 days wheisenberg.com
145807361 wheisenberg.com 2017-May-29 18:31 CEST 2017-Aug-27 18:31 CEST 89 days wheisenberg.com
145804619 wheisenberg.com 2017-May-29 18:16 CEST 2017-Aug-27 18:16 CEST 89 days wheisenberg.com
106414441 wheisenberg.com 2017-Mar-19 21:47 CET 2017-Jun-17 22:47 CEST 19 days wheisenberg.com
97730723 wheisenberg.com 2017-Feb-28 15:07 CET 2017-May-29 16:07 CEST 0 days cynergii.com
Let me guess what is happening. Your first cert included 4 domains, and the common name was
wheisenberg.com so I suppose the cert is located at
/etc/letsencrypt/live/wheisenberg.com/ but you issued a new cert just for domain
wheisenberg.com, so as you had already the path
/etc/letsencrypt/live/wheisenberg.com/, certbot-auto created a new path fpr it, something like
Could you please check if you have this path
/etc/letsencrypt/live/wheisenberg.com/?, if you already have it, configure your web server to point to it instead of the old one.
I hope it helps.
Thanks, jmorahan and sahsanu. I found the Bitnami instructions, you have to do this:
sudo cp /etc/letsencrypt/live/piwik.dhimmel.com/cert.pem /opt/bitnami/apache2/conf/server.crt
sudo cp /etc/letsencrypt/live/piwik.dhimmel.com/privkey.pem /opt/bitnami/apache2/conf/server.key
Did it. It works! Thanks again!
Of course you have to replace the folder with your own.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.