Certbot-auto renew - too many failed authorizations


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
mobiledatabook.net
mobiledatabooks.net

www.mobiledatabook.net
www.mobiledatabooks.net

I ran this command:

./certbot-auto renew

It produced this output:

timeout - after many attempts got following:
too many failed authorizations

My web server is (include version):

Golang based

The operating system my web server runs on is (include version):

macOS

My hosting provider, if applicable, is:

self hosting

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

n/a


#2

Hi,

You are hitting hourly rate limits for failed attempts.

Please wait for an hour and try again.

In the meantime, you can test your issuance process by adding --staging after the parameters (certbot or certbot-auto only).

Thank you


#3

I did again and here is what I got:

==========================
Requesting to rerun ./certbot-auto with root privileges…


Processing /etc/letsencrypt/renewal/mobiledatabook.net.conf


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mobiledatabook.net/fullchain.pem (failure)

IMPORTANT NOTES:

==========================


#4

Hi,

This happens because you have an inaccessible IPv6 record configured.

Please remove that IPv6 record and try again.

Thank you


#5

Out of curiosity, where do you see the IPv6 record? I’m getting similar errors as part of my problem, and wondering if it could be related.


#6

Please let me know how to test if IPv6 is accessible or not?


#7

Hi,

I’m using mxtoolbox.com to check records. (I also have the he.net mobile app, but it takes longer.)

Please don’t use others’ issue posts to discuss your issue, since it might be unrelated and confusing for future readers.

Thank you


#8

You can test it in different ways.

First, use an IPv6-accessible server to curl / ping it.

Second, using your IPv6-accessible mobile browser, enter your IP address with []. E.g. [2001:57a:ef00::25]

Third, initiate a port scan using the IPv6 addresses.

Thank you
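
Added example (not part of any post in this thread): a small Python script that automates the first check described above by resolving each name's A and AAAA records and attempting a TCP connection to every published address. It assumes validation happens over port 80 and that it is run from a host with working IPv6; the script name `check_records.py` and the function names are hypothetical.

```python
import socket
import sys


def resolve(name, port=80):
    """Return sorted (record_type, address) pairs for the name's A and AAAA records."""
    try:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # name does not resolve at all
    labels = {socket.AF_INET: "A", socket.AF_INET6: "AAAA"}
    return sorted({(labels[fam], sa[0]) for fam, _, _, _, sa in infos if fam in labels})


def tcp_reachable(address, port=80, timeout=5.0):
    """True if a TCP connection to address:port completes within the timeout."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True
    except OSError:  # refused, timed out, or no route (e.g. no IPv6 on this host)
        return False


def audit(names, port=80, resolver=resolve, probe=tcp_reachable):
    """Return (name, record_type, address, reachable) for every published address."""
    return [(name, rtype, addr, probe(addr, port))
            for name in names
            for rtype, addr in resolver(name, port)]


def unreachable_aaaa(rows):
    """Names that publish an AAAA address which did not accept a connection."""
    return sorted({name for name, rtype, _, ok in rows if rtype == "AAAA" and not ok})


if __name__ == "__main__":
    # Usage (assumed port 80): python3 check_records.py name1 name2 ...
    rows = audit(sys.argv[1:])
    for name, rtype, addr, ok in rows:
        print(f"{name:30} {rtype:4} {addr:40} {'ok' if ok else 'UNREACHABLE'}")
    bad = unreachable_aaaa(rows)
    if bad:
        print("AAAA records to fix or remove before renewing:", ", ".join(bad))
        sys.exit(1)
```

An AAAA row marked UNREACHABLE only points at the record when the host running the script has IPv6 connectivity itself; otherwise every AAAA probe fails regardless of the server.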


#9

I understand now where my issue is:
Moved www.mobiledatabook.net to point to different server.

So I need to have:
mobiledatabooks.net
www.mobiledatabooks.net

On Server #1

and

mobiledatabook.net
www.mobiledatabook.net

On Server #2

So basically I’m executing the commands on Server #1
where I will be serving:
mobiledatabooks.net
www.mobiledatabooks.net

But the certificate has info about the other domain too.

How to have a certificate with only one domain?


#10

I don’t think your explanation makes sense here. All four names mobiledatabook.net, www.mobiledatabook.net, mobiledatabooks.net, and www.mobiledatabooks.net are currently pointing at the same server, 98.190.6.20 or 2001:57a:ef00::24.


#11

Yes, because I didn’t get a response, I redirected them. I purchased a new domain
to be for the other server.

—Constantine


#12

Both domains are pointed at the same server right now, so the existence of the other server wouldn’t be the reason that your certificate renewal fails.


#13

It is OK now. I waited for a response on how to
separate them, but decided to go clean with a separate domain.

—Constantine

