Certbot not generating keys in live folder


#1

At this point, I think I’ve maxed out my requests to lets encrypt for keys. It’s kind of driving me crazy. I’m trying to secure staging.bikologi.com, and certbot isn’t generating my certificates. Although it says it’s successful, there is not staging.bikologi.com folder inside of /etc/letsencrypt/live/. help?

Please fill out the fields below so we can help you better.

My domain is:staging.bikologi.com

I ran this command:sudo certbot certonly --manual

It produced this output:successful

My operating system is (include version):os x

My web server is (include version):heroku node buildpack

My hosting provider, if applicable, is:heroku

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Well, you have certainly obtained some certs ( see https://www.google.com/transparencyreport/https/ct/?hl=en#domain=staging.bikologi.com&incl_exp=false&incl_sub=false ) so in that sense it has been successful.

so take care of continuing to run certbot - otherwise you could hit rate limits :wink:

are you running this as root ? what files are there in /etc/letsencrypt/live ?


#3

yeah, definitely have the certs generated… rate limit has been hit too. this is what gets generated…


#4

Was there any information in the output - when it said “successful” about where it had stored the files ? I’d be tempted to use “locate” or “find” to look for the files. I don’t use certbot myself, but thought it should have placed them in /etc/letsencrypt…


#5

It noted that they would be in /etc/letsencrypt/live/staging.bikologi.com/

i grepped my machine, no certificates or folders to be found that match. not really sure about this. i used lets encrypt a few weeks back for our production domain, maybe this has something to do with it?

any better alternatives for generating certificates?


#6

It does seem really odd that the certs aren’t where they should be ( and where it said that it put them )

was it on the same machine on your production domain ( I assume not ) … in which case, apart from affecting limits, it shouldn’t make a difference.

Since you have hit the rate limits, all the alternatives won’t work - because you have hit the rate limits ( unfortunately ). certbot is the “official” client and usually works well. Personally I use an alternate client ( purely because it meets my needs of being able to work remotely from the server ). Hopefully someone more familiar with certbot will have some ideas you can try as soon as you are over the rate limit ( or, if you have the private key, you can manually get one of the existing certs and manually configure things )


#7

serverco, I used https://gethttpsforfree.com/ for the production name before I knew there was something better. as far as the actual subdomain, I’m going to generate a new one and see if I can’t secure that.

for whatever reason, heroku was giving me an error from the certs generated from https://gethttpsforfree.com/, saying that they required a passphrase, and I couldn’t get around that.

I do have an existing key, where can I get one of those existing certificates?


Heroku and Lets Encrypt
#8

I’d usually grab them from https://crt.sh/?q=staging.bikologi.com … it takes a few hours for them to show up though, and they aren’t there yet. They should be there shortly though. Hopefully someone knows where they may appear quicker.


#9

fyi, i was able to reproduce with another subdomain. this is what’s happening.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.