Error when getting certificate


#1

My domain is:
electrogamez.nl

I ran this command:
#certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for electrogamez.nl
Enabled Apache rewrite module
Waiting for verification…
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Cleaning up challenges
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: electrogamez.nl: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Keep getting the error

/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)

Any fix for this?


#2

That’s just a warning – it takes up a lot of space on your screen but doesn’t do any more harm than that. It’s also been fixed in a newer version.

You’re getting an error from the CA because there already are a lot of certificates.

https://crt.sh/?q=electrogamez.nl

Do you know why? Can you use one of them?


#3

Yeah, I tried it a couple of times now. But every time I went to https://electrogamez.nl/ google chrome gives a https insecure error. How do i use an existing cert?


#4

How did you issue the other certificates and where did they go?

What does “certbot certificates” show?

I get a “connection refused” error on https://electrogamez.nl/. It seems Apache doesn’t have HTTPS configured, or there’s a firewall or port forwarding issue?


#5

output:

wouter@r2-d2:~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


No certs found.

What would be the command to make a new cert (for a other domain name) gonna try and see if that one works.


#6

How did you issue the other certificates and where did they go? >
I was trying to pinpoint the problem, reinstalled certbot a couple of times. Looked like I was running a old version. That should be fixed. I just installed it with sudo apt install certbot python-certbot-apache


#7

I made tried adding https to my other domain hedium.nl:

output of sudo certbot --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: electrogamez.nl
2: hedium.nl
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Obtaining a new certificate
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for hedium.nl
Enabled Apache rewrite module
Waiting for verification...
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Cleaning up challenges
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Created an SSL vhost at /etc/apache2/sites-available/hedium.nl-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/hedium.nl-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/hedium.nl-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/hedium.nl.conf to ssl vhost in /etc/apache2/sites-available/hedium.nl-le-ssl.conf

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://hedium.nl

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hedium.nl
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hedium.nl/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hedium.nl/privkey.pem
   Your cert will expire on 2019-02-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

https://hedium.nl/ gives the same error as electrogamez.nl did a couple of hours ago.


#8

allright, BIG nevermind…

I mainly run Windows on my pc. And I booted into linux a couple hours ago. Just noticed my windows time is not correct anymore… Yeah SSL wont work then.

Thanks for the help tho!