Hello,
recently i had to update my (allready expired) SSL certificate for my domain. I ran the command certbot renew, which placed a valid certificate in my file system but kept the expired one at the same time. The old one was placed into /etc/letsencrypt/live/watchtrainer.de and the new one in _/etc/letsencrypt/live/watchtrainer.de-0001._Unfortunately the webserver still used the expired one in the first mentioned, old directory.
These two directories have one thing in common. They both contain the key files_fullchain.pem_ and privkey.pem. Obviously, my nginx server still used the old ones to encrypt sessions. So I found myself removing both key files in the old directory (…/watchtrainer.de) to eventually replace them by symbolic links to the new keys in the new folder (…/watchtrainer.de-0001).
The operation was succesfull. The server uses the valid certificate but the command certbot renew displays an error related to my manipulations. Can I somehow completely remove the certs and start from scratch or can i just ignore the errors ?
My domain is:
watchtrainer.de
I ran this command:
certbot renew
It produced this output:
**Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/watchtrainer.de.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for api.watchtrainer.de
tls-sni-01 challenge for watchtrainer.de
tls-sni-01 challenge for www.watchtrainer.de
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (watchtrainer.de) from /etc/letsencrypt/renewal/watchtrainer.de.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: api.watchtrainer.de,watchtrainer.de,www.watchtrainer.de: see https://letsencrypt.org/docs/rate-limits/. Skipping.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/watchtrainer.de-0001.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
Plugins selected: Authenticator nginx, Installer None
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/watchtrainer.de/fullchain.pem (failure)
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/watchtrainer.de-0001/fullchain.pem expires on 2019-01-30 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/watchtrainer.de/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)**
My web server is (include version):
nginx/1.12.2
The operating system my web server runs on is (include version):
CentOS Linux release 7.5.1804 (Core)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):