I want to create my certificate ssl again, because I had created this certificate without any problems in other server but I had to change servers, so I had to create the certificate again and to pint another ip address public , but when I run:
$ sudo ./letsencrypt-auto certonly --standalone -d heidelberg.yaroscloud.com
It produced this output:
ubuntu@ip-172-30-0-147:/opt/letsencrypt$ sudo ./letsencrypt-auto certonly --standalone
sudo: unable to resolve host ip-172-30-0-147
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel): heidelberg.yaroscloud.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for heidelberg.yaroscloud.com
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: heidelberg.yaroscloud.com
Please see the logfiles in /var/log/letsencrypt for more details.
Finally I drop all certs , and In my old server I run
sudo ./letsencrypt-auto revoke -d heidelberg.yaroscloud.com --cert-path /etc/letsencrypt/live/heidelberg.yaroscloud.com/cert.pem
and drop all files in /etc/letsencrypt/live, /etc/letsencrypt/renewal, /etc/letsencrypt/archive
but continues without creating a valid certificate
My domain is: heidelberg.yaroscloud.com
The operating system my web server runs on is (include version): ubuntu 14.04
My hosting provider, if applicable, is: aws
There is limit of 5 duplicate certificates per week (where "week" is a sliding window of 7 days; limit doesn't get reset on specific day of week). Regarding revocation, here's relevant part of rate limits description:
Revoking certificates does not reset rate limits, because the resources involved in issuing the certificates have already been used.
You could simply copy all Let's Encrypt files from the old server and they would work - but as you've already revoked your certificate (I would recommend revoking certificates only if private key gets compromised), now you have to wait...
... or you have to use "loophole" in rate limits. Certificate is counted as a duplicate, if it has exact same set of hostnames. Hence, if you request a new certificate for heidelberg.yaroscloud.com and (for example) www.heidelberg.yaroscloud.com, it won't be treated as duplicate one.
Please note that there is also a weekly limit of 20 certificates per domain.
Staging server is used only for testing purposes; certificates it issues are not publicly trusted ("not valid", as you said).
THanks for answering.
I had created this certificate about 2 months ago, this last monday in tomorrow I had revoke and created certificate and I got this same errror
Before I remember that I had created certificate in my new server and I saw this error, then I revoke cert, and then drop files
1st September you issued 6 certificates for heidelberg.yaroscloud.com so you reached the limit.
CRT ID DOMAIN (CN) VALID FROM VALID TO EXPIRES IN SANs
202455387 heidelberg.yaroscloud.com 2017-Sep-01 06:05 CEST 2017-Nov-30 05:05 CET 85 days heidelberg.yaroscloud.com
202455042 heidelberg.yaroscloud.com 2017-Sep-01 06:04 CEST 2017-Nov-30 05:04 CET 85 days heidelberg.yaroscloud.com
202454631 heidelberg.yaroscloud.com 2017-Sep-01 06:03 CEST 2017-Nov-30 05:03 CET 85 days heidelberg.yaroscloud.com
202454289 heidelberg.yaroscloud.com 2017-Sep-01 06:02 CEST 2017-Nov-30 05:02 CET 85 days heidelberg.yaroscloud.com
202453755 heidelberg.yaroscloud.com 2017-Sep-01 06:01 CEST 2017-Nov-30 05:01 CET 85 days heidelberg.yaroscloud.com
202453066 heidelberg.yaroscloud.com 2017-Sep-01 06:00 CEST 2017-Nov-30 05:00 CET 85 days heidelberg.yaroscloud.com
182058317 heidelberg.yaroscloud.com 2017-Aug-01 06:38 CEST 2017-Oct-30 05:38 CET 54 days heidelberg.yaroscloud.com
You have 2 options:
1.- Wait till 8th September to try to renew your cert.
2.- Add one more subdomain/domain to the certificate so you are not reaching the 5 certs limit per same subset of domains per 7 days.
Note: Revoking a certificate has no effects on rate limits and if your private key has not been compromised there is no need to revoke a certificate.
thank you, very match for answering mr sahsanu
but , I haven’t create any certificate again or renew this date
I remeber that I had created or try renew on sunday , I’m sorry but i don’t remember i’m confused . where can I see this log or information , like that table pls , because in my logs’ ? I dont see pls .
thanks again
since install letsencrypt from https://github.com/letsencrypt/letsencrypt
I have this error each 30 second sometimes but when i created my cert for domain heidelberg.yaroscloud.com ,
this cert was created with this name : heidelberg.yaroscloud.com-0001 . I don’t think the problem is my configuration because I change my configuration to the previous configuration and now I have the same problem.
In my log nginx I dont see nothing.
and when I check in this page https://certificate.revocationcheck.com
I see that my certificate not exists , but I used https://heidelberg.yaroscloud.com this morning , with errors but I used .
It's sometimes a bad sign when you have this. It means you have two separate overlapping certificates managed by Certbot, which are stored in different places. It would be a result of having use --duplicate or answering "Duplicate" to the question about whether you wanted to make a new certificate that already covered some of the names in an existing certificate.
You can find out about the locations where your certificates are stored, and what they cover, by running sudo ./letsencrypt-auto certificates. (We no longer refer to the software as letsencrypt-auto; its name was changed to Certbot more than a year ago.)
I remember when I try created my certificate again and I revoke my certificate with
sudo ./letsencrypt-auto revoke -d heidelberg.yaroscloud.com --cert-path /etc/letsencrypt/live/heidelberg.yaroscloud.com/cert.pem
also I used
sudo ./letsencrypt-auto certonly --server https://acme-staging.api.letsencrypt.org/directory
and then create cert I suposse like this create heidelberg.yaroscloud.com-0001 , beacause I couldn’t before.
ubuntu@ip-172-30-0-147:/opt/letsencrypt$ sudo ./letsencrypt-auto certificates
sudo: unable to resolve host ip-172-30-0-147
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/heidelberg.yaroscloud.com.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
Found the following certs:
Certificate Name: heidelberg.yaroscloud.com-0001
Domains: heidelberg.yaroscloud.com
Expiry Date: 2017-12-16 16:59:00+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/privkey.pem
The following renewal configuration files were invalid:
/etc/letsencrypt/renewal/heidelberg.yaroscloud.com.conf
================================================
before yesterday I delete all log of certbot I do not know what else I can do please, thank you very much for your comments
It sounds like you edited /etc/letsencrypt/renewal/heidelberg.yaroscloud.com.conf in a way that made it invalid. Could you post the contents of that file?
… in the first i have (heidelberg.yaroscloud.com-001.conf) :
renew_before_expiry = 30 days
version = 0.18.1
archive_dir = /etc/letsencrypt/archive/heidelberg.yaroscloud.com-0001
cert = /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/cert.pem
privkey = /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/privkey.pem
chain = /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/chain.pem
fullchain = /etc/letsencrypt/live/heidelberg.yaroscloud.com-0001/fullchain.pem
Options used in the renewal process
[renewalparams]
authenticator = standalone
installer = None
account = c43685e05d5de5131e8516918de4417d
and the second (heidelberg.yaroscloud.com.conf) a I hava nothing
We’re wondering about the reason for the empty renewal configuration file. If you don’t know why it was empty, would you be willing to share your logs from /var/log/letsencrypt in case they might reveal the reason?
It’s pretty strange! Could you share your log files from /var/log/letsencrypt? (Maybe uploading them somewhere other than the forum because they’ll be pretty large.)
Thanks! Sadly, all of these files are too recent to show the underlying reason why your other renewal configuration file was empty.
They do show why you encountered the “too many certificates already issued” error. You are using --renew-by-default in an automated renewal process. The --renew-by-default option has been renamed to --force-renewal and should normally never be used in an automated task. It means “renew this now, even if a recently renewal certificate already exists”, which is likely to run into rate limits.
What we suggest running automatically instead is certbot renew, which checks to see whether each certificate is less than 30 days away from expiry before attempting to renew it.
It looks like you might have a cron job running once per minute that tries to do the --force-renewal (e.g. with * * * * * as the time specification). We think twice per day is often enough, but in any case if you switch to certbot renew instead of --force-renewal, it should stop trying to renew so frequently.
hi mr schoen
i saw that my cron was * * * /2 * /home/ubuntu/scrpit.sh i thank that this run each 2 months , know I drop this cron and scrpit I was wrong, know I deleted cron and script.
but when I created my cert, this create in heidelberg.yaroscloud.com-0001. What can i do? I only need cert to heidelberg.yaroscloud.com , maybe I should revoke certificates with
sudo ./letsencrypt-auto revoke --cert-path /etc/letsencrypt/live/heidelberg.yaroscloud.com/cert.pem -d heidelberg.yaroscloud.com
and wait another week more, and recreate certificate but I have scary that they’re wrong again.
It’s not necessary to revoke certificates in this case, and it doesn’t affect the rate limit.
It could be OK that your certificate is stored in heidelberg.yaroscloud.com-0001 and your certificate might be fine now. I know I said that I was concerned about the fact that you had both heidelberg.yaroscloud.com-0001 and heidelberg.yaroscloud.com, but apparently only the first of these is working and there is not necessarily anything wrong with the certificate. Did you try configuring that certificate to be used in some application?
)