Certbot renew in windows error

My domain is:ahead.kerala.gov.in

I ran this command:certbot renew

It produced this output:Failed to renew certificate ahead.kerala.gov.in with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

My web server is (include version):IIS 10

The operating system my web server runs on is (include version):windows 2016 DC

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.24.0

Hi @pks, and welcome to the LE community forum :slight_smile:

This error doesn't explain why it failed previously:

It only states that you've tried to renew it too many times [recently].

Let's have a look at the certbot log file.
[not sure where that is in Windows]

2 Likes
error is: Fetching http://ahead.kerala.gov.in/.well-known/acme-challenge/e0qtFf6IubViOb4oYqXhCyhGaQiiaQ2rVKG4di_byH4: Timeout during connect (likely firewall problem)

log file :  Fetching http://www.ahead.kerala.gov.in/.well-known/acme-challenge/FKq2CYCmbyZH8wAv_A8wtlo2MSm_X5Clz3PySBw4zQc: Timeout during connect (likely firewall problem)

  Domain: ahead.kerala.gov.in
  Type:   connection
  Detail: Fetching http://ahead.kerala.gov.in/.well-known/acme-challenge/0L3KLZO9zS-4mQNC8SRC4CNZvR0GmFJ3P-9nikb54HA: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-11-16 14:43:26,325:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-11-16 14:43:26,325:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-11-16 14:43:26,325:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-11-16 14:43:26,325:DEBUG:certbot._internal.plugins.webroot:Removing C:\ahead_4.6\.well-known\acme-challenge\FKq2CYCmbyZH8wAv_A8wtlo2MSm_X5Clz3PySBw4zQc
2023-11-16 14:43:26,325:INFO:certbot._internal.plugins.webroot:Cleaning web.config file generated by Certbot in C:\ahead_4.6\.well-known\acme-challenge.
2023-11-16 14:43:26,325:DEBUG:certbot._internal.plugins.webroot:Removing C:\ahead_4.6\.well-known\acme-challenge\0L3KLZO9zS-4mQNC8SRC4CNZvR0GmFJ3P-9nikb54HA
2023-11-16 14:43:26,325:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-11-16 14:43:26,325:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "runpy.py", line 197, in _run_module_as_main
  File "runpy.py", line 87, in _run_code
  File "C:\Program Files (x86)\Certbot\bin\certbot.exe\__main__.py", line 29, in <module>
    sys.exit(main())
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 19, in main
    return internal_main.main(cli_args)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1679, in main
    return config.func(config, plugins)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 1538, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\main.py", line 127, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\renewal.py", line 345, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 441, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\client.py", line 493, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "C:\Program Files (x86)\Certbot\pkgs\certbot\_internal\auth_handler.py", line 206, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-11-16 14:43:26,341:ERROR:certbot._internal.log:Some challenges have failed.

This is the problem:

Is your site accessible from the Internet?

2 Likes

There also seems to be a DNS CAA issue:
Let's Debug (letsdebug.net)

2 Likes

yes its is

Not from my IP:

curl -Ii http://ahead.kerala.gov.in/
curl: (56) Recv failure: Connection reset by peer

Not from this random testing site on the Internet:
Ahead.kerala.gov.in - Is Ahead Down Right Now? (isitdownrightnow.com)
image

2 Likes

may be available only in india

Then something has changed since your last renewal on 2023-08-21:


It must have been accessible then.

If it will longer be accessible via HTTP, you will have to change the authentication method to DNS.

3 Likes

not working in HTTP

Then, we are agreed on that.

How would you like to proceed?

  • speak with your IT folks and restore HTTP access.
  • speak with your DNS folks to see if that is a viable option
4 Likes

Are you working with Dilan? I tried to renew one our website certificate using the certify the web manager and it shows "too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/". i need your support for to know how to fix this issue - #2 by webprofusion - Question - Certify The Web - Support Community

3 Likes

now port 80 is enabled and telnet is their for 80. and now shows error
Failed to renew certificate ahead.kerala.gov.in with error: Problem binding to port 80: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions

certbot may need exclusive rights to use HTTP on port 80.
If anything else [like IIS] is already bound to port 80, certbot will have that problem.
You can:

  • stop whatever is using port 80 [like IIS]
    so that certbot can use it and then restart after use

  • use another ACME client [more compatible with Windows (and IIS)]
    note: certbot for Windows will soon be "retired"

But I still can't reach your site:

curl -Ii http://ahead.kerala.gov.in/
curl: (56) Recv failure: Connection reset by peer
2 Likes

I'd suggest that you consider using https://certifytheweb.com (which I develop) or win-acme as these can both work alongside IIS and will install a PFX in the certificate store and update IIS bindings. Certbot is optimised for use with things like Apache and nginx.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.