Cerbtot with Bitnami - Folder Configured for Keys/Certs is not /etc/live so certs need to be copied

Please fill out the fields below so we can help you better.

My domain is: wheisenberg.com

I ran this command: ./certbot-auto certonly -d wheisenberg.com

It produced this output:How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wheisenberg.com

Select the webroot for wheisenberg.com:

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1
Input the webroot for wheisenberg.com: (Enter ‘c’ to cancel):/opt/bitnami/apps/wordpress/htdocs
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: wheisenberg.com
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 3.13.0-100-generic

My hosting provider, if applicable, is: Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I was able to successfully renew this domain several times. Now I guess I’ve done it too many times. But every time I got to the domain itself, my browser says it’s insecure. I have restarted apache several times. Rebooted the server. Cleared the cache in 3 separate browsers and it still comes up that the certificate is expired.

I remember there was a tutorial somewhere for Bitnami that recommended copying the certificates from /etc/letsencrypt/ to somewhere else. Perhaps you followed that?

If so, what it didn’t mention was that if you copy the certificates, you need to copy them again after each renewal, before you restart Apache.

A better approach is to edit the Apache configuration files to read the certificates directly from /etc/letsencrypt/live/, where the symbolic links will be automatically updated by the renewal process.

Hi @websmyths,

Yes, several times :wink:

CRT ID     DOMAIN (CN)      VALID FROM              VALID TO                EXPIRES IN  SANs
145830368  wheisenberg.com  2017-May-29 19:04 CEST  2017-Aug-27 19:04 CEST  89 days     wheisenberg.com
145809315  wheisenberg.com  2017-May-29 18:40 CEST  2017-Aug-27 18:40 CEST  89 days     wheisenberg.com
145808673  wheisenberg.com  2017-May-29 18:37 CEST  2017-Aug-27 18:37 CEST  89 days     wheisenberg.com
145807361  wheisenberg.com  2017-May-29 18:31 CEST  2017-Aug-27 18:31 CEST  89 days     wheisenberg.com
145804619  wheisenberg.com  2017-May-29 18:16 CEST  2017-Aug-27 18:16 CEST  89 days     wheisenberg.com
106414441  wheisenberg.com  2017-Mar-19 21:47 CET   2017-Jun-17 22:47 CEST  19 days     wheisenberg.com
97730723   wheisenberg.com  2017-Feb-28 15:07 CET   2017-May-29 16:07 CEST  0 days      cynergii.com

Let me guess what is happening. Your first cert included 4 domains, and the common name was wheisenberg.com so I suppose the cert is located at /etc/letsencrypt/live/wheisenberg.com/ but you issued a new cert just for domain wheisenberg.com, so as you had already the path /etc/letsencrypt/live/wheisenberg.com/, certbot-auto created a new path fpr it, something like /etc/letsencrypt/live/wheisenberg.com-0001/.

Could you please check if you have this path /etc/letsencrypt/live/wheisenberg.com/?, if you already have it, configure your web server to point to it instead of the old one.

I hope it helps.


Thanks, jmorahan and sahsanu. I found the Bitnami instructions, you have to do this:

sudo cp /etc/letsencrypt/live/piwik.dhimmel.com/cert.pem /opt/bitnami/apache2/conf/server.crt
sudo cp /etc/letsencrypt/live/piwik.dhimmel.com/privkey.pem /opt/bitnami/apache2/conf/server.key

Did it. It works! Thanks again!

1 Like

Of course you have to replace the folder with your own.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.