Certificate is expiring on 2022-03-09 but renew not allowed

Frankie · March 4, 2022, 2:34am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.cyberexcel.com.hk

I ran this command: certbot renew

It produced this output:
Attempting to renew cert (mail.cyberexcel.com.hk) from /etc/letsencrypt/renewal/mail.cyberexcel.com.hk.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt. Skipping.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no. I use ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.27.0

========
It used certbot renew --dry-run , and it shows me renew success. But when I do certbot renew, it failed with about message.

The certificate is going to expiry on 9-March. And I have no clue what do to.

Thanks you very much for the help!

Wish you all great day everyday!

_az · March 4, 2022, 2:36am

Wait an hour for the rate limit to subside and try again, without --dry-run.

It should either succeed, or we will be able to observe the real underlying error message, if any.

Frankie · March 4, 2022, 4:10am

Thank you very much for the prompt reply.

Actually, it happens yesterday night and I wait for 8 hours and try it in the morning and it still gives me the same quota error.
Anyway, I will try it again 3 more hours later.
letsencrypt.txt (552.9 KB)

I also attached the log for reference.

Many Thanks!

_az · March 4, 2022, 4:26am

Something weird is going on with your situation.

There are only 2 live orders in that log file, 3 hours apart: 2022-03-04 06:13:32 and 2022-03-04 09:34:12.

Both of them got rejected due to rate limits, but the rate limit in question only lasts 1 hour. This doesn't make sense. We are missing some information.

Is there any chance you cloned this server and the old one is still running?
Are there other log files in /var/log/letsencrypt/ which have been recently modified?
Is the same ACME account being used elsewhere?

Frankie · March 4, 2022, 7:20am

Problem solved!

Thank you very much for your help!

You pinned the issue ==> 1. Is there any chance you cloned this server and the old one is still running?

Exactly, there is a clone I did 2 months ago just for extra backup and inside that I forget to disable the wrongly configured cron job.

With your super keen insight, I solve the issue which make me feel bad for a day.

Thank you once again and wish you all the best!

system · April 3, 2022, 7:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.