Exceeded number of attempts to install cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Is there any way to reset the cert count and get the site up on an SSL cert?

My domain is: chatamerica.us

I ran this command: sudo certbot --apache

It produced this output: exceeded number of certs

My web server is (include version): Apache 2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.179

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.16.0

1 Like

Welcome to the Let's Encrypt Community, Keith 🙂

I see several concerns here. First, I want to make sure your certificate covers all of the necessary domain names. According to the certificate history of chatamerica.us, all of the following domain names were present on previous certificates:

chatamerica.us
www.chatamerica.us
bbb.chatamerica.us

I'm assuming from the IP address for chatamerica.us that you are self-hosting.

What are the outputs of:

```
sudo certbot certificates
sudo apachectl -S
```
1 Like

If you're running into an installation problem, it isn't necessary to re-issue a new certificate, as you already have one. When asked, just answer the question if you want to re-issue or re-install with re-install.

And please show the entire output of the certbot command, including any choice presented, including your answer.

2 Likes

```
Found the following certs:
  Certificate Name: chatamerica.us
    Serial Number: 3ab933d1cdda54e100dd70328606ba0c93f
    Key Type: RSA
    Domains: chatamerica.us
    Expiry Date: 2021-09-29 20:35:08+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/chatamerica.us/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/chatamerica.us/privkey.pem
```

```
root@chatamerica:/var/log# sudo apachectl -S
VirtualHost configuration:
192.168.1.87:443       chatamerica.us (/etc/apache2/sites-enabled/chatamerica.us.conf:1)
192.168.1.87:80        is a NameVirtualHost
         default server chatamerica.us (/etc/apache2/sites-enabled/friendica.conf:1)
         port 80 namevhost chatamerica.us (/etc/apache2/sites-enabled/friendica.conf:1)
                 alias http://www.chatamerica.us
                 alias https://chatamerica.us
         port 80 namevhost chatamerica.us (/etc/apache2/sites-enabled/webmin.1625194638.conf:1)
*:80                   chatamerica.us (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
You have new mail in /var/mail/root
```

1 Like

Thanks for that. 🙂

Yep. There are several problems.

What are the outputs of:

```
sudo ls -lRa /etc/letsencrypt
sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled
sudo cat /etc/apache2/sites-enabled/000-default.conf
sudo cat /etc/apache2/sites-enabled/chatamerica.us.conf
sudo cat /etc/apache2/sites-enabled/friendica.conf
sudo cat /etc/apache2/sites-enabled/webmin.1625194638.conf
```

Please put 3 backticks above and below each output, like this:

```
output
```

What are the outputs of: sudo ls -lRa /etc/letsencrypt

```
root@chatamerica:~# sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 44
drwxr-xr-x   9 root root 4096 Jul  3 03:01 .
drwxr-xr-x 108 root root 4096 Jul  2 17:15 ..
-rw-r--r--   1 root root   64 Jul  1 21:28 .updated-options-ssl-apache-conf-digest.txt
drwx------   3 root root 4096 Jul  1 21:28 accounts
drwx------   3 root root 4096 Jul  1 21:29 archive
drwxr-xr-x   2 root root 4096 Jul  2 17:06 csr
drwx------   2 root root 4096 Jul  2 17:06 keys
drwx------   3 root root 4096 Jul  2 17:17 live
-rw-r--r--   1 root root  924 Jul  1 21:28 options-ssl-apache.conf
drwxr-xr-x   2 root root 4096 Jul  2 17:06 renewal
drwxr-xr-x   5 root root 4096 Jul  1 21:28 renewal-hooks

/etc/letsencrypt/accounts:
total 12
drwx------ 3 root root 4096 Jul  1 21:28 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
drwx------ 3 root root 4096 Jul  1 21:28 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwx------ 3 root root 4096 Jul  1 21:28 .
drwx------ 3 root root 4096 Jul  1 21:28 ..
drwx------ 3 root root 4096 Jul  1 21:28 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Jul  1 21:28 .
drwx------ 3 root root 4096 Jul  1 21:28 ..
drwx------ 2 root root 4096 Jul  1 21:28 2269129d75feaf0140de9703eca55a00

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/2269129d75feaf0140de9703eca55a00:
total 20
drwx------ 2 root root 4096 Jul  1 21:28 .
drwx------ 3 root root 4096 Jul  1 21:28 ..
-rw-r--r-- 1 root root   71 Jul  1 21:28 meta.json
-r-------- 1 root root 1632 Jul  1 21:28 private_key.json
-rw-r--r-- 1 root root   79 Jul  1 21:28 regr.json

/etc/letsencrypt/archive:
total 12
drwx------ 3 root root 4096 Jul  1 21:29 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
drwxr-xr-x 2 root root 4096 Jul  2 17:06 chatamerica.us

/etc/letsencrypt/archive/chatamerica.us:
total 68
drwxr-xr-x 2 root root 4096 Jul  2 17:06 .
drwx------ 3 root root 4096 Jul  1 21:29 ..
-rw-r--r-- 1 root root 1838 Jul  1 21:29 cert1.pem
-rw-r--r-- 1 root root 1842 Jul  1 21:35 cert2.pem
-rw-r--r-- 1 root root 1870 Jul  2 17:06 cert3.pem
-rw-r--r-- 1 root root 3749 Jul  1 21:29 chain1.pem
-rw-r--r-- 1 root root 3749 Jul  1 21:35 chain2.pem
-rw-r--r-- 1 root root 3749 Jul  2 17:06 chain3.pem
-rw-r--r-- 1 root root 5587 Jul  1 21:29 fullchain1.pem
-rw-r--r-- 1 root root 5591 Jul  1 21:35 fullchain2.pem
-rw-r--r-- 1 root root 5619 Jul  2 17:06 fullchain3.pem
-rw------- 1 root root 1704 Jul  1 21:29 privkey1.pem
-rw------- 1 root root 1704 Jul  1 21:35 privkey2.pem
-rw------- 1 root root 1704 Jul  2 17:06 privkey3.pem

/etc/letsencrypt/csr:
total 24
drwxr-xr-x 2 root root 4096 Jul  2 17:06 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
-rw-r--r-- 1 root root  924 Jul  1 21:29 0000_csr-certbot.pem
-rw-r--r-- 1 root root  924 Jul  1 21:35 0001_csr-certbot.pem
-rw-r--r-- 1 root root  924 Jul  1 21:52 0002_csr-certbot.pem
-rw-r--r-- 1 root root  952 Jul  2 17:06 0003_csr-certbot.pem

/etc/letsencrypt/keys:
total 24
drwx------ 2 root root 4096 Jul  2 17:06 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
-rw------- 1 root root 1704 Jul  1 21:29 0000_key-certbot.pem
-rw------- 1 root root 1704 Jul  1 21:35 0001_key-certbot.pem
-rw------- 1 root root 1704 Jul  1 21:52 0002_key-certbot.pem
-rw------- 1 root root 1704 Jul  2 17:06 0003_key-certbot.pem

/etc/letsencrypt/live:
total 16
drwx------ 3 root root 4096 Jul  2 17:17 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
-rw-r--r-- 1 root root  740 Jul  1 21:29 README
drwxr-xr-x 2 root root 4096 Jul  2 17:18 chatamerica.us

/etc/letsencrypt/live/chatamerica.us:
total 12
drwxr-xr-x 2 root root 4096 Jul  2 17:18 .
drwx------ 3 root root 4096 Jul  2 17:17 ..
-rw-r--r-- 1 root root  692 Jul  1 21:29 README
lrwxrwxrwx 1 root root   38 Jul  2 17:06 cert.pem -> ../../archive/chatamerica.us/cert3.pem
lrwxrwxrwx 1 root root   39 Jul  2 17:06 chain.pem -> ../../archive/chatamerica.us/chain3.pem
lrwxrwxrwx 1 root root   43 Jul  2 17:06 fullchain.pem -> ../../archive/chatamerica.us/fullchain3.pem
lrwxrwxrwx 1 root root   41 Jul  2 17:06 privkey.pem -> ../../archive/chatamerica.us/privkey3.pem

/etc/letsencrypt/renewal:
total 12
drwxr-xr-x 2 root root 4096 Jul  2 17:06 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
-rw-r--r-- 1 root root  529 Jul  2 17:06 chatamerica.us.conf

/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Jul  1 21:28 .
drwxr-xr-x 9 root root 4096 Jul  3 03:01 ..
drwxr-xr-x 2 root root 4096 Jul  1 21:28 deploy
drwxr-xr-x 2 root root 4096 Jul  1 21:28 post
drwxr-xr-x 2 root root 4096 Jul  1 21:28 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Jul  1 21:28 .
drwxr-xr-x 5 root root 4096 Jul  1 21:28 ..

/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Jul  1 21:28 .
drwxr-xr-x 5 root root 4096 Jul  1 21:28 ..

/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Jul  1 21:28 .
drwxr-xr-x 5 root root 4096 Jul  1 21:28 ..
```
sudo ls -lRa /etc/apache2/sites-available

```
root@chatamerica:~# sudo ls -lRa /etc/apache2/sites-available
/etc/apache2/sites-available:
total 32
drwxr-xr-x 2 root root 4096 Jul  2 17:25 .
drwxr-xr-x 8 root root 4096 Jul  2 17:06 ..
-rw-r--r-- 1 root root 1332 Apr 13  2020 000-default.conf
-rw-r--r-- 1 root root  478 Jul  2 17:25 chatamerica.us.conf
-rw-r--r-- 1 root root 6338 Apr 13  2020 default-ssl.conf
-rw-r--r-- 1 root root  466 Jul  1 21:49 friendica.conf
-rw-r--r-- 1 root root  251 Jul  2 02:57 webmin.1625194638.conf
```
sudo ls -lRa /etc/apache2/sites-enabled

```
root@chatamerica:~# sudo ls -lRa /etc/apache2/sites-enabled
/etc/apache2/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Jul  2 02:57 .
drwxr-xr-x 8 root root 4096 Jul  2 17:06 ..
lrwxrwxrwx 1 root root   35 Jun 29 23:37 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root   48 Jul  1 21:40 chatamerica.us.conf -> /etc/apache2/sites-available/chatamerica.us.conf
lrwxrwxrwx 1 root root   33 Jun 30 00:11 friendica.conf -> ../sites-available/friendica.conf
lrwxrwxrwx 1 root root   51 Jul  2 02:57 webmin.1625194638.conf -> /etc/apache2/sites-available/webmin.1625194638.conf
```

sudo cat /etc/apache2/sites-enabled/000-default.conf

```
root@chatamerica:~# sudo cat /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
You have new mail in /var/mail/root
```
sudo cat /etc/apache2/sites-enabled/chatamerica.us.conf

```
root@chatamerica:~# sudo cat /etc/apache2/sites-enabled/chatamerica.us.conf
<VirtualHost 192.168.1.87:443>
    DocumentRoot "/var/www/html/friendica"
    <Directory "/var/www/html/friendica">
        allow from all
        Options None
        Require all granted
    </Directory>
    ServerAlias www.chatamerica.us chatamerica.us
    ServerAdmin admin@chatamerica.us
    ServerName chatamerica.us
SSLCertificateFile /etc/letsencrypt/live/chatamerica.us/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chatamerica.us/privkey.pem
</VirtualHost>
```
sudo cat /etc/apache2/sites-enabled/friendica.conf

```
root@chatamerica:~# sudo cat /etc/apache2/sites-enabled/friendica.conf
<VirtualHost 192.168.1.87:80>
     ServerAdmin admin@chatamerica.us
     DocumentRoot /var/www/html/friendica
     ServerName chatamerica.us


     <Directory /var/www/html/friendica/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     ServerAlias http://www.chatamerica.us https://chatamerica.us
</VirtualHost>
You have new mail in /var/mail/root
```
sudo cat /etc/apache2/sites-enabled/webmin.1625194638.conf

```
root@chatamerica:~# sudo cat /etc/apache2/sites-enabled/webmin.1625194638.conf
<VirtualHost 192.168.1.87:80>
    DocumentRoot /var/www/html/friendica-directory/public
    <Directory "/var/www/html/friendica-directory/public">
        allow from all
        Options None
        Require all granted
    </Directory>
</VirtualHost>
```

Thanks for the help
Keith

2 Likes
1. Remove the cruft.

```
sudo a2dissite 000-default.conf
sudo a2dissite friendica.conf
sudo a2dissite webmin.1625194638.conf
sudo rm /etc/apache2/sites-available/chatamerica.us.conf
sudo rm /etc/apache2/sites-available/friendica.conf
sudo rm /etc/apache2/sites-available/webmin.1625194638.conf
```

2. Install the correct Apache configuration file.

Download this file:
chatamerica.us.conf.txt (421 Bytes)

Remove the .txt from the end of the file's name.

Put the file in:
/etc/apache2/sites-available

3. Reload Apache.

```
sudo apachectl -k graceful
```

4. Acquire and install the correct certificate.

```
sudo certbot --cert-name chatamerica.us --apache -d "chatamerica.us,www.chatamerica.us"
```

2 Likes
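
Added example, not part of any post in this thread: a Python check that reads the ServerName/ServerAlias directives from the vhost files posted above and compares them with the `Domains:` line from `certbot certificates`. It flags ServerAlias values written as URLs (a Host header never carries a scheme, so such an alias can never match) and names on the :443 vhost that the certificate does not list. The function names and the trimmed sample input are constructed for illustration.

```python
import re

# Constructed sample: directives copied from the two vhost files shown in the
# thread, plus the "Domains:" value from the `certbot certificates` output.
VHOSTS = """\
<VirtualHost 192.168.1.87:443>
    ServerAlias www.chatamerica.us chatamerica.us
    ServerName chatamerica.us
</VirtualHost>
<VirtualHost 192.168.1.87:80>
    ServerName chatamerica.us
    ServerAlias http://www.chatamerica.us https://chatamerica.us
</VirtualHost>
"""
CERT_DOMAINS = ["chatamerica.us"]

def parse_vhosts(text):
    """Return [(address, [(directive, value), ...])] per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), [])
        elif line.lower().startswith("</virtualhost") and current:
            vhosts.append(current)
            current = None
        elif current and re.match(r"Server(Name|Alias)\s", line, re.I):
            directive, *values = line.split()
            current[1].extend((directive.lower(), v) for v in values)
    return vhosts

def audit(text, cert_domains):
    """Flag ServerAlias values that are URLs, and :443 names the cert lacks."""
    covered = {d.lower() for d in cert_domains}  # exact match, no wildcard expansion
    findings = []
    for addr, entries in parse_vhosts(text):
        seen = set()
        for directive, value in entries:
            if directive == "serveralias" and "://" in value:
                # Host headers never carry a scheme, so this alias cannot match.
                findings.append((addr, value, "URL in ServerAlias"))
                continue
            # ServerName may legally carry a scheme and port; strip both.
            host = re.sub(r"^[a-z]+://", "", value, flags=re.I).split(":")[0].lower()
            if addr.endswith(":443") and host not in covered and host not in seen:
                findings.append((addr, host, "not on certificate"))
            seen.add(host)
    return findings

if __name__ == "__main__":
    for finding in audit(VHOSTS, CERT_DOMAINS):
        print(*finding, sep="  ")
```

Passing the two names from the `-d` option in step 4 as `cert_domains` clears the certificate finding and leaves only the two ServerAlias entries.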

Sir,
Can you tell me what I might need to fix for this error, the site is up and working without certs fine

Thank you for any assistance you can give

Keith

3 Likes

What are the outputs of:

```
sudo apachectl -S
sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled
sudo cat /etc/apache2/sites-enabled/chatamerica.us.conf
```
2 Likes
sudo apachectl -S
<img src="http://127.0.0.1:1129/service/home/~/?auth=co&amp;id=a6135951-5842-4bc6-b93f-371acf0e7ac2:514&amp;part=2.2" style="word-wrap: break-word !important;">

sudo ls -lRa /etc/apache2/sites-available
<img src="http://127.0.0.1:1129/service/home/~/?auth=co&amp;id=a6135951-5842-4bc6-b93f-371acf0e7ac2:514&amp;part=2.3" style="word-wrap: break-word !important;">

sudo ls -lRa /etc/apache2/sites-enabled
<img src="http://127.0.0.1:1129/service/home/~/?auth=co&amp;id=a6135951-5842-4bc6-b93f-371acf0e7ac2:514&amp;part=2.4" style="word-wrap: break-word !important;">

sudo cat /etc/apache2/sites-enabled/chatamerica.us.conf

<img src="http://127.0.0.1:1129/service/home/~/?auth=co&amp;id=a6135951-5842-4bc6-b93f-371acf0e7ac2:514&amp;part=2.5" style="word-wrap: break-word !important;">
I think the last one is the issue, but am not sure how it should look
Thanks
Keith
2 Likes

All I got were a bunch of HTML image entities pointing to local content.

1 Like

I think you would be asking this about the last request
sudo cat /etc/apache2/sites-enabled/friendica.conf

2 Likes

Given the instructions I gave before, /etc/apache2/sites-enabled/friendica.conf should not even exist.

Please follow the instructions I gave here exactly:

1 Like

Ok Griffin, the cert took but now the site is all unformatted but I don't think that's your problem. Thanks for the help

2 Likes

You likely have "mixed content" (resources referenced with http:// instead of https://) on the page. You can use https://www.missingpadlock.com/ to help identify these. You can also view the source code of your pages in your browser to find these elements. A telltale sign is if your browser says the page is insecure via an open or missing padlock even though the address bar shows https.

I ran the SSL Labs Server Test on chatamerica.us:

https://www.ssllabs.com/ssltest/analyze.html?d=chatamerica.us

1 Like
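
Added example, not from the original replies: a Python scan for the mixed content described above, run over a constructed HTML sample (the example.com URLs and paths are made up). It separates active subresources (scripts, stylesheets, iframes), which browsers block on an HTTPS page and whose loss leaves a site unstyled, from passive ones such as images.

```python
from html.parser import HTMLParser

# Constructed sample of a page served over HTTPS; hosts and paths are made up.
SAMPLE = """\
<html><head>
<link rel="stylesheet" href="http://example.com/view/theme/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/js/main.js"></script>
<script src="http://example.com/js/extra.js"></script>
</head><body>
<img src="http://example.com/images/logo.png">
<a href="http://example.com/about">About</a>
</body></html>
"""

ACTIVE = {"script", "iframe"}                   # blocked outright by browsers
PASSIVE = {"img", "audio", "video", "source"}   # warned about or auto-upgraded

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link":
            # Only stylesheet links load a subresource; rel=canonical does not.
            rel = a.get("rel", "").lower().split()
            kind = "active" if "stylesheet" in rel else None
            url = a.get("href", "")
        elif tag in ACTIVE:
            kind, url = "active", a.get("src", "")
        elif tag in PASSIVE:
            kind, url = "passive", a.get("src", "")
        else:
            return  # <a href> is navigation, not a subresource
        if kind and url.lower().startswith("http://"):
            self.findings.append((kind, tag, url))

def find_mixed_content(html):
    """Return [(kind, tag, url)] for every http:// subresource in the markup."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```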
