Failed/success renewal

I am using the Docker container lojzik/letsencrypt to issue and renew SSL certificates from Let's Encrypt.

My domain is: agroanalytics.pro

I ran this command: docker run --rm -it -v "/root/letsencrypt/log:/var/log/letsencrypt" -v "/var/sites/mocada/certbot:/var/www" -v "/etc/letsencrypt:/etc/letsencrypt" -v "/root/letsencrypt/lib:/var/lib/letsencrypt" lojzik/letsencrypt certonly --webroot --webroot-path /var/www/ -d agroanalytics.pro

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for agroanalytics.pro
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/agroanalytics.pro/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/agroanalytics.pro/privkey.pem
   Your cert will expire on 2019-03-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

My web server is (include version): nginx

The operating system my web server runs on is (include version): Debian

My cert expired on 2019-03-01. I ran this command on 2019-03-03, but it gives me the same expiry date. From the response: “Your cert will expire on 2019-03-03”.

Why? What's wrong?

Hi @dima_kovalchukv

there are some problems.

First, you have already created 5 certificates today.

https://crt.sh/?q=agroanalytics.pro

So you have hit the limit.

Second, your configuration isn’t good ( https://check-your-website.server-daten.de/?q=agroanalytics.pro ):

IPv4 and IPv6:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| agroanalytics.pro | A | 185.65.247.179 | yes | 1 | 0 |
| | AAAA | 2a05:480:0:f7b3::2 | yes | | |
| www.agroanalytics.pro | A | 185.65.247.179 | yes | 1 | 0 |
| | AAAA | 2607:5300:60:9457::2 | yes | | |

but with different content:

| Domainname | IP | Http-Status | redirect | Sec. | G | Details |
|---|---|---|---|---|---|---|
| http://agroanalytics.pro/ | 185.65.247.179 | 301 | https://agroanalytics.pro/ | 0.090 | A | |
| http://agroanalytics.pro/ | 2a05:480:0:f7b3::2 | 301 | https://agroanalytics.pro/ | 0.086 | A | |
| http://www.agroanalytics.pro/ | 185.65.247.179 | 301 | https://agroanalytics.pro/ | 0.090 | E | |
| http://www.agroanalytics.pro/ | 2607:5300:60:9457::2 | 404 | | 0.220 | M | Not Found |
| https://www.agroanalytics.pro/ | 2607:5300:60:9457::2 | 302 | http://www.agroanalytics.pro/ | 2.064 | N | Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors |
| https://agroanalytics.pro/ | 185.65.247.179 | 200 | | 5.630 | N | Certificate error: RemoteCertificateChainErrors |
| https://agroanalytics.pro/ | 2a05:480:0:f7b3::2 | 200 | | 5.373 | N | Certificate error: RemoteCertificateChainErrors |
| https://www.agroanalytics.pro/ | 185.65.247.179 | 200 | | 5.530 | N | Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors |
| http://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 185.65.247.179 | 301 | https://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.097 | A | Visible Content: 301 Moved Permanently nginx/1.15.2 |
| http://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2a05:480:0:f7b3::2 | 301 | https://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.073 | A | Visible Content: 301 Moved Permanently nginx/1.15.2 |
| http://www.agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 185.65.247.179 | 301 | https://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.090 | E | Visible Content: 301 Moved Permanently nginx/1.15.2 |
| http://www.agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2607:5300:60:9457::2 | 404 | | 0.450 | A | Not Found; Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. |
| https://agroanalytics.pro/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | | 404 | | 5.350 | N | Not Found; Certificate error: RemoteCertificateChainErrors; Visible Content: 404 Not Found nginx/1.15.2 |

IPv4 + /.well-known/acme-challenge is redirected to https, IPv6 + /.well-known/acme-challenge isn’t redirected.

So: Where are the created certificates? And: Is your IPv6 configured?

There are different Server headers - nginx and “Server: nginx/1.15.2”.

Let's Encrypt prefers IPv6, so the different answers are critical.

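The IPv4/IPv6 comparison from the report above can be repeated locally before requesting another certificate. This is an added example, not part of the thread and not code from check-your-website or Certbot: `probe` requests the challenge path from every A/AAAA address of a host, and `is_consistent` reports whether all addresses answer alike. The function names and the default token are hypothetical; the sample rows are constructed from the values in the report.

```python
import http.client
import socket
from collections import defaultdict

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe(host, token="consistency-check", timeout=5):
    """Fetch the challenge URL from every A/AAAA address of host (needs network)."""
    results = []
    addrs = {info[4][0] for info in socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)}
    for ip in sorted(addrs):
        conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
        try:
            # Connect to the literal address but send the real Host header.
            conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": host})
            resp = conn.getresponse()
            results.append({"ip": ip, "status": resp.status,
                            "location": resp.getheader("Location"),
                            "server": resp.getheader("Server")})
        except (OSError, http.client.HTTPException) as exc:
            results.append({"ip": ip, "status": None, "location": None,
                            "server": None, "error": str(exc)})
        finally:
            conn.close()
    return results

def group_by_behaviour(results):
    """Group addresses by (status, redirect target, Server header)."""
    groups = defaultdict(list)
    for r in results:
        groups[(r["status"], r.get("location"), r.get("server"))].append(r["ip"])
    return dict(groups)

def is_consistent(results):
    """True when every address of the host answers the challenge URL alike."""
    return len(group_by_behaviour(results)) <= 1

# Constructed sample input: rows from the report above for its test token
# (Server header left out, the report does not list it per row).
TOKEN_URL = ("https://agroanalytics.pro" + CHALLENGE_PREFIX
             + "check-your-website-dot-server-daten-dot-de")
APEX = [{"ip": "185.65.247.179", "status": 301, "location": TOKEN_URL},
        {"ip": "2a05:480:0:f7b3::2", "status": 301, "location": TOKEN_URL}]
WWW = [{"ip": "185.65.247.179", "status": 301, "location": TOKEN_URL},
       {"ip": "2607:5300:60:9457::2", "status": 404, "location": None}]

if __name__ == "__main__":
    for name, rows in (("agroanalytics.pro", APEX), ("www.agroanalytics.pro", WWW)):
        print(name, "consistent" if is_consistent(rows) else group_by_behaviour(rows))
```

Against a live host, `is_consistent(probe("example.org"))` performs the same comparison over the network.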

Yep, there were problems with IPv6, AAAA records. Fixed it.

Actually, I just tried several times today to renew the certificate; every time I was told that the certificate was renewed, but the expiry date was two days ago: 2019-03-03. And, as I understood, right now I can try to renew once more?

But I can't, because of rate limits.

What to do?

I don’t understand why you see the old date. Is your system time correct?

Use one of the certificates for 60 - 85 days, then create the next.
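The two rate-limit points in this thread (five certificates already issued, and using a certificate for 60 - 85 days before creating the next) can be worked through as date arithmetic. This is an added example, not part of the thread and not Certbot code; it assumes Let's Encrypt's duplicate-certificate limit is counted over a sliding 7-day window (the thread only states the count of 5), and the issuance timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

DUPLICATE_LIMIT = 5            # count stated in the thread
WINDOW = timedelta(days=7)     # assumption: sliding 7-day window

def next_issuance_allowed(issued, now, limit=DUPLICATE_LIMIT, window=WINDOW):
    """Earliest time another certificate for the same set of names can be issued."""
    recent = sorted(t for t in issued if now - window < t <= now)
    if len(recent) < limit:
        return now
    # The limit-th most recent issuance has to age out of the window first.
    return recent[-limit] + window

def replacement_period(not_before, earliest_days=60, latest_days=85):
    """Period suggested in the thread for creating the next certificate."""
    return (not_before + timedelta(days=earliest_days),
            not_before + timedelta(days=latest_days))

def utc(year, month, day, hour=0, minute=0):
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample input: five issuances for one name on a single day,
# as they might be read from a certificate transparency search.
ISSUED = [utc(2019, 3, 5, 8, 0), utc(2019, 3, 5, 9, 0), utc(2019, 3, 5, 10, 30),
          utc(2019, 3, 5, 12, 0), utc(2019, 3, 5, 13, 15)]

if __name__ == "__main__":
    now = utc(2019, 3, 5, 14, 0)
    print("next issuance allowed:", next_issuance_allowed(ISSUED, now))
    start, end = replacement_period(max(ISSUED))
    print("replace the newest certificate between", start, "and", end)
```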
