Getting rateLimited. It appears that certbot is renewing every certificate not just those that are under 30 days to expiration.
Version : certbot 0.10.2
Please fill out the fields below so we can help you better.
My domain is: https://www.flyershop.com Example expires 10/25/2017 and it is attempting to renew the certificate again.
#renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/www.flyershop.com/cert.pem
privkey = /etc/letsencrypt/live/www.flyershop.com/privkey.pem
chain = /etc/letsencrypt/live/www.flyershop.com/chain.pem
fullchain = /etc/letsencrypt/live/www.flyershop.com/fullchain.pem
I ran this command: /usr/bin/certbot renew --no-self-upgrade
It produced this output:
My web server is (include version):Haproxy
The operating system my web server runs on is (include version):Debian Jessie
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Do you have a file
/etc/letsencrypt/cli.ini? If so, could you post its contents?
If not, can you post the output of
openssl x509 -noout -dates -in /etc/letsencrypt/live/www.flyershop.com/cert.pem?
Thank you for the quick reply.
#authenticator = letsencrypt-haproxy:auth
email = firstname.lastname@example.org
root@ip-10-6-0-202:/etc/letsencrypt/scripts# openssl x509 -noout -dates -in /etc/letsencrypt/live/www.flyershop.com/cert.pem
notBefore=Jul 25 11:37:00 2017 GMT
notAfter=Oct 23 11:37:00 2017 GMT
I’m going to go ahead and guess that your ‘renew-by-default’ line is causing this behavior. That is the (deprecated) command line flag to ignore expiry period and force renewal. Try taking that out?
This really shows why I should not have called it “renew-by-default”. That was sure to confuse people, and is still confusing them.
The option has now been renamed “force-renewal”, which I hope is clearer. We should try to find old tutorials that mention “renew-by-default” and get people to remove that name from their tutorials!
@jozwikjp, I’m glad you got this cleared up!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.