Failed/success renewal

I am using docker lojzik/letsencrypt container for issuing and renewal certs process for ssl certificates from lets encrypt.

My domain is:

I ran this command: docker run --rm -it -v "/root/letsencrypt/log:/var/log/letsencrypt" -v "/var/sites/mocada/certbot:/var/www" -v "/etc/letsencrypt:/etc/letsencrypt" -v "/root/letsencrypt/lib:/var/lib/letsencrypt" lojzik/letsencrypt certonly --webroot --webroot-path /var/www/ -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2019-03-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

My web server is (include version): nginx

The operating system my web server runs on is (include version): Debian

My cert expired on 2019-03-01. I run this command on 2019-03-03, but this produces me the same expire date. From response: “Your cert will expire on 2019-03-03”.

Why? Whats wrong?

Hi @dima_kovalchukv

there are some problems.

First, you have already created 5 certificates today.

So you have hitted the limit.

Second, your configuration isn't good ( ):

Ipv4 and ipv6:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 1 0
AAAA 2a05:480:0:f7b3::2 yes A yes 1 0
AAAA 2607:5300:60:9457::2 yes

but with different content:

Domainname Http-Status redirect Sec. G
• 301 0.090 A
2a05:480:0:f7b3::2 301 0.086 A
• 301 0.090 E
2607:5300:60:9457::2 404 0.220 M
Not Found
2607:5300:60:9457::2 302 2.064 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
• 200 5.630 N
Certificate error: RemoteCertificateChainErrors
2a05:480:0:f7b3::2 200 5.373 N
Certificate error: RemoteCertificateChainErrors
• 200 5.530 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
• 301 0.097 A
Visible Content: 301 Moved Permanently nginx/1.15.2
2a05:480:0:f7b3::2 301 0.073 A
Visible Content: 301 Moved Permanently nginx/1.15.2
• 301 0.090 E
Visible Content: 301 Moved Permanently nginx/1.15.2
2607:5300:60:9457::2 404 0.450 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server.
• 404 5.350 N
Not Found
Certificate error: RemoteCertificateChainErrors
Visible Content: 404 Not Found nginx/1.15.2

ipv4 + /.well-known/acme-challenge is redirected to https, ipv6 + /.well-known/acme-challenge isn't redirected.

So: Where are the created certificates? And: Is your ipv6 configured?

There are different Server headers - nginx and "Server: nginx/1.15.2".

Letsencrypt prefers ipv6, so the different answers are critical.

1 Like

Yep, there were problems with IPv6, AAAA records. Fixed it.

Actually, I just tried several times today to renew certificate, every time I got that certificate was renewed, but expire date was two days ago: 2019-03-03. And, as I understood, right now I can try renew once more?

But I can`t, because of rate limits.

What to do?

I don't understand why you see the old date. Is your system time correct?

Use one of the certificates 60 - 85 days, then create the next.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.