Delete certificates


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: elchibcha.co

I ran this command:

sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/elchibcha.co.conf)

It contains these names: elchibcha.co

You requested these names for the new certificate: elchibcha.co, *.elchibcha.co.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.elchibcha.co,elchibcha.co: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-1060-aws x86_64)

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: Amazon Web Services Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0


#2

Hi @samaponte28

You have created 5 identical certificates.

https://crt.sh/?q=elchibcha.co

So you can’t create the next certificate.

Why don’t you use one of these certificates? Use one for 60 - 85 days, then create the next certificate.

Deleting or revoking the certificates doesn’t reset the limit.

Please read

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.
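
Added example, not part of the original thread: a sketch of why the next request was refused and why revoking does not help, modelling the limit as a sliding window of 5 certificates per exact name set per 7 days (the figure Certbot prints later in this thread). The issuance timestamps are constructed and the function names are hypothetical.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # "limit ~5 per 7 days", as the Certbot prompt puts it
LIMIT = 5

def name_set(names):
    """The limit is keyed on the exact set of names; order and case are ignored."""
    return frozenset(n.lower().rstrip(".") for n in names)

def next_allowed(issued, names, now):
    """Return `now` if one more identical certificate fits in the window,
    else the time at which the oldest counted issuance ages out."""
    wanted = name_set(names)
    # The revoked flag is deliberately ignored: revocation frees no slot.
    recent = sorted(t for t, sans, _revoked in issued
                    if name_set(sans) == wanted and now - t < WINDOW)
    if len(recent) < LIMIT:
        return now
    return recent[len(recent) - LIMIT] + WINDOW

BOTH = ["elchibcha.co", "*.elchibcha.co"]
# Constructed issuance history (timestamp, names, revoked); not real CT data.
ISSUED = [
    (datetime(2019, 3, 8, 14, 0), ["elchibcha.co"], False),
    (datetime(2019, 3, 9, 10, 0), BOTH, False),
    (datetime(2019, 3, 10, 9, 30), BOTH[::-1], True),
    (datetime(2019, 3, 11, 16, 0), BOTH, False),
    (datetime(2019, 3, 12, 11, 0), BOTH, True),
    (datetime(2019, 3, 13, 8, 0), BOTH, False),
]

if __name__ == "__main__":
    now = datetime(2019, 3, 14, 12, 0)
    print("apex + wildcard:", next_allowed(ISSUED, BOTH, now))
    print("apex only:      ", next_allowed(ISSUED, ["elchibcha.co"], now))
```

The apex-only certificate is a different name set, so it does not count toward the five issued for the apex plus wildcard.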


#3

PS: Checked your domain (via https://check-your-website.server-daten.de/?q=elchibcha.co ):

There is a Bitnami self signed certificate.

CN=www.example.com, OU=Certificate generated at boot time, O=Bitnami, 30.07.2018 - 27.07.2028, expires in 3421 days

If you use Bitnami, you have to do additional steps to install the certificate.


#4

Thanks for the answer. I know that I have 5 certificates; my problem is that I don't have the TXT records to configure the DNS records. Maybe you know where I can find them, so that I can configure it? Thanks for your help.


#5

If you use --manual, Certbot creates and shows the two required TXT entries.

elchibcha.co *.elchibcha.co -> two TXT entries with the same name

_acme-challenge.elchibcha.co

and different values.


#6

Thanks, I do not want to be annoying, but I do not know how to do it, or what commands to use, could you help me please?


#7

You have shared your command:

Use it with your domain and your wildcard domain name.

sudo certbot -d elchibcha.co -d *.elchibcha.co --manual --preferred-challenges dns certonly

It’s manual, so Certbot shows the TXT entries.


#8

I did it but the answer was the following:
bitnami@ip-172-26-11-17:~$ sudo certbot -d elchibcha.co -d *.elchibcha.co --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/elchibcha.co-0001.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate


Certificate not yet due for renewal; no action taken.



#9

Hola @samaponte28,

You have two different certificates managed by Certbot, named elchibcha.co and elchibcha.co-0001. The first one covers only elchibcha.co but the second one covers both elchibcha.co and *.elchibcha.co.

This is probably an accident, but you don’t need to modify or re-issue the first certificate; you just need to use the elchibcha.co-0001 certificate in your server configuration instead, since it’s already issued and already includes the wildcard.


#10

hello schoen
Thanks, but I don't know how I can see the certificate. I need the TXT records of the certificate; can you help me?


#12

Why do you need the TXT records? Those are only used for requesting a new certificate.

You can view the details about the certificate by running sudo certbot certificates. You’ll see that the PEM files are in a different location (/etc/letsencrypt/live/elchibcha.co-0001 instead of /etc/letsencrypt/live/elchibcha.co), and you can update your web server configuration to point to that location.
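
Added example, not part of the original post: picking the lineage that covers the hostnames a server block serves, from text in the layout `sudo certbot certificates` prints. The sample output is constructed (expiry dates invented) and the helper names are hypothetical.

```python
# Constructed sample in the layout `certbot certificates` prints; dates invented.
SAMPLE = """\
Found the following certs:
  Certificate Name: elchibcha.co
    Domains: elchibcha.co
    Expiry Date: 2019-06-06 10:00:00+00:00 (VALID: 84 days)
    Certificate Path: /etc/letsencrypt/live/elchibcha.co/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/elchibcha.co/privkey.pem
  Certificate Name: elchibcha.co-0001
    Domains: elchibcha.co *.elchibcha.co
    Expiry Date: 2019-06-11 08:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/elchibcha.co-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/elchibcha.co-0001/privkey.pem
"""

FIELDS = {"Domains": "domains", "Certificate Path": "fullchain",
          "Private Key Path": "privkey"}

def parse_lineages(text):
    """Turn the listing into one dict per certificate lineage."""
    lineages, current = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            current = {"name": value}
            lineages.append(current)
        elif current is not None and key in FIELDS:
            current[FIELDS[key]] = value.split() if key == "Domains" else value
    return lineages

def covers(pattern, host):
    """A wildcard matches exactly one extra left-most label, never the apex."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def lineages_for(hosts, lineages):
    """Lineages whose names cover every hostname the server must present."""
    return [l for l in lineages
            if all(any(covers(d, h) for d in l.get("domains", [])) for h in hosts)]

if __name__ == "__main__":
    for l in lineages_for(["elchibcha.co", "www.elchibcha.co"], parse_lineages(SAMPLE)):
        print(l["name"], l["fullchain"], l["privkey"])
```

Only elchibcha.co-0001 covers both the apex and a subdomain, so its fullchain.pem and privkey.pem are the paths the web server configuration should reference.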


#13

Because I'm working on Amazon Lightsail and I need to create these TXT records on my console, and I lost the TXT records. I don't know what I have to do.


#14

Unfortunately, I still don’t understand. Are you trying to create new certificates in the Lightsail environment?

The TXT records are used only in the creation of a new certificate and their values are different every time.
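
Added example, not from the thread or from Certbot's code: how the two TXT entries described in posts #5 and #14 arise, using the DNS-01 derivation from RFC 8555. The tokens and account-key thumbprint are constructed placeholders; the real ones come from the ACME server and the Certbot account key.

```python
import base64
import hashlib

def record_name(identifier):
    """DNS-01 validates a wildcard at its base domain, so the apex and the
    wildcard share one record name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()

def txt_value(token, thumbprint):
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(token '.' thumbprint)."""
    key_auth = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_auth).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def plan_records(challenges, thumbprint):
    """Group TXT values by record name; one name may need several values."""
    plan = {}
    for identifier, token in challenges:
        plan.setdefault(record_name(identifier), []).append(
            txt_value(token, thumbprint))
    return plan

# Constructed placeholders: a real thumbprint is derived from the account key
# and real tokens are random values the CA chooses for each new order.
THUMBPRINT = "CONSTRUCTED-ACCOUNT-KEY-THUMBPRINT"
FIRST_ORDER = [("elchibcha.co", "constructed-token-apex-1"),
               ("*.elchibcha.co", "constructed-token-wildcard-1")]
SECOND_ORDER = [("elchibcha.co", "constructed-token-apex-2"),
                ("*.elchibcha.co", "constructed-token-wildcard-2")]

if __name__ == "__main__":
    for label, order in (("first order", FIRST_ORDER), ("second order", SECOND_ORDER)):
        for name, values in plan_records(order, THUMBPRINT).items():
            for value in values:
                print(f"{label}: {name} TXT {value}")
```

Because each order gets fresh tokens, values from an earlier run cannot be recovered or reused; they are only needed while a new certificate is being requested.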


#15

The problem is that I could not deploy the TXT records and I don't know how to verify the certificates through DNS.


#16

But why do you need to verify the certificates? You already have a valid certificate on your system that you can use right now.


#17

That’s already done. You have a new certificate

https://crt.sh/?id=1287277586

created 2019-03-13, so use this certificate. Next renew - in 60 days.


#18

But I don't know what I have to do with that. What is the next step? :s Sorry


#19

Yes, but I don't know how to use it. Can you please explain the steps to me? Thanks


#20

I don’t remember where the configuration for Bitnami servers is (maybe someone else remembers?). Normally you have to edit text files that are the configuration files for your web server, and change the references to the certificates and keys that appear in those files.