Failed/success renewal

I am using docker lojzik/letsencrypt container for issuing and renewal certs process for ssl certificates from lets encrypt.

My domain is: agroanalytics.pro

I ran this command: docker run --rm -it -v "/root/letsencrypt/log:/var/log/letsencrypt" -v "/var/sites/mocada/certbot:/var/www" -v "/etc/letsencrypt:/etc/letsencrypt" -v "/root/letsencrypt/lib:/var/lib/letsencrypt" lojzik/letsencrypt certonly --webroot --webroot-path /var/www/ -d agroanalytics.pro

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for agroanalytics.pro
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/agroanalytics.pro/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/agroanalytics.pro/privkey.pem
   Your cert will expire on 2019-03-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

My web server is (include version): nginx

The operating system my web server runs on is (include version): Debian

My cert expired on 2019-03-01. I run this command on 2019-03-03, but this produces me the same expire date. From response: “Your cert will expire on 2019-03-03”.

Why? Whats wrong?

Hi @dima_kovalchukv

there are some problems.

First, you have already created 5 certificates today.

So you have hitted the limit.

Second, your configuration isn't good ( https://check-your-website.server-daten.de/?q=agroanalytics.pro ):

Ipv4 and ipv6:

but with different content:

ipv4 + /.well-known/acme-challenge is redirected to https, ipv6 + /.well-known/acme-challenge isn't redirected.

So: Where are the created certificates? And: Is your ipv6 configured?

There are different Server headers - nginx and "Server: nginx/1.15.2".

Letsencrypt prefers ipv6, so the different answers are critical.

Yep, there were problems with IPv6, AAAA records. Fixed it.

Actually, I just tried several times today to renew certificate, every time I got that certificate was renewed, but expire date was two days ago: 2019-03-03. And, as I understood, right now I can try renew once more?

But I can`t, because of rate limits.

What to do?

I don't understand why you see the old date. Is your system time correct?

Use one of the certificates 60 - 85 days, then create the next.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.