How to debug: There were too many requests of a given type

Help
1

Hello, I have the issue of: to many requests, and I see on the forum that there is no straight answer. Some people say the limit is for 1 hour, other that it takes a week. Where I have this issue for a full month now.

Is it possible to debug how many request were made? Where are they coming from, or how much is left before the limit is removed? Because right now my site is down. Thankfully it is just a test. But if this was a more serious situation I would like to know how can I find out what is causing the problem so I can do something about it.

Bellow some more details :slight_smile:

Details

My domain is: curted.com

I ran this command: sudo certbot renew

It produced this output: Attempting to renew cert from /etc/letsencrypt/renewal/curted.com.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: curted.com. Skipping.

My web server is (include version): NodeJS behind Nginx

The operating system my web server runs on is (include version): Debian

2

Not sure about the limits, but if you’re testing you should be using –dry-run to use the staging servers.

3

I wasn’t testgin, the cert expired since 3 months passed. And I’m keep on getting the limit error since the first time I did run it.

I have 4 other sites - no problem. This one - problem and have no idea how to debug.

4

There are different rate limits, with different time periods. A basic answer is that it's 1 hour for failures and 1 week for successfully issued certificates.

More or less. You can check Certbot's logs in /var/log/letsencrypt. And all Let's Encrypt certificates are in public Certificate Transparency logs, which you can examine through an interface such as crt.sh:

I can't answer that. You can try to figure it out by examining the clients and logs on your computers. The Let's Encrypt staff could also examine the server logs, and they might chime in later in this thread. :slight_smile:

You can determine about when you'll next be able to issue another identical certificate from the information in the links above. For the rate limit in question, you can issue another identical certificate as soon as there haven't been 5 in the last week.

As the link above shows, something has been issuing (or trying to issue) identical certificates twice a day since June 26. :worried:

You should have 12 valid certificates somewhere in /etc/letsencrypt or elsewhere on one of your computers.

(Actually, in a pinch, you only need one of the private keys. You can download the certificates again.)

You can work around the duplicate certificate rate limit by issuing a certificate for this name and one or more other names. (www.curted.com or another domain or whatever you'd like.) It sounds silly, but it will work.

Still, you need to figure out what's trying to issue so many certificates, and stop it.

Could you paste one of the recent log files from /var/log/letsencrypt?

5

Cool thank you very much for your reply and crt.sh is a very nice insight to have to see more visually what is going on - I’ll go and hunt down what is doing all those requests :slight_smile:

1 Like
6

Check all your /etc/cron* files for an invocation of certbot renew with either the --renew-by-default or --force-renewal options. There are a few guides suggest that first option, but it is incorrect and will cause a certificate to be issued every time the cronjob is run until you hit the rate limit.

7

I did check my Cron, and there is only one entry (I checked all the folders) in cron.d, which is:

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew

So it seams that it should be OK.

Alos in the lets encrypt logs I have this:

2017-07-18 00:30:43,440:DEBUG:certbot.main:Root logging level set at 30
2017-07-18 00:30:43,441:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-18 00:30:43,441:DEBUG:certbot.main:certbot version: 0.9.3
2017-07-18 00:30:43,441:DEBUG:certbot.main:Arguments: ['-q']
2017-07-18 00:30:43,442:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-07-18 00:30:43,447:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-07-18 00:30:43,452:DEBUG:parsedatetime:CRE_UNITS matched
2017-07-18 00:30:43,452:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-07-18 00:30:43,452:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-07-18 00:30:43,453:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-07-18 00:30:43,453:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=7, tm_mday=18, tm_hour=0, tm_min=30, tm_sec=43, tm_wday=1, tm_yday=199, tm_isdst=0))
2017-07-18 00:30:43,453:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-07-18 00:30:43,453:DEBUG:parsedatetime:units days --> realunit days
2017-07-18 00:30:43,453:DEBUG:parsedatetime:return
2017-07-18 00:30:43,453:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2017-06-30 18:16:00 UTC.
2017-07-18 00:30:43,453:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2017-07-18 00:30:43,461:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-07-18 00:30:43,463:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa124c570d0>
Prep: True
2017-07-18 00:30:43,464:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa124c570d0> and installer None
2017-07-18 00:30:43,480:DEBUG:certbot.main:Picked account: <Account(97c5753dfc57cae90812472b5e892060)>
2017-07-18 00:30:43,481:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2017-07-18 00:30:43,483:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-07-18 00:30:43,656:DEBUG:urllib3.connectionpool:"GET /directory HTTP/1.1" 200 352
2017-07-18 00:30:43,657:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '352', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 'boulder-request-id': 'qsW5arcTs8O0jdL8NlNMVab3Q56cCJtymTajILfdnE4', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 18 Jul 2017 00:28:47 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': 'C1Njvew_5LpiZSOzJAILzdEDWdfBzdmclvaJqNV9fkM'}. Content: '{\n  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-07-18 00:30:43,657:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '352', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 'boulder-request-id': 'qsW5arcTs8O0jdL8NlNMVab3Q56cCJtymTajILfdnE4', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 18 Jul 2017 00:28:47 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'replay-nonce': 'C1Njvew_5LpiZSOzJAILzdEDWdfBzdmclvaJqNV9fkM'}): '{\n  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2017-07-18 00:30:43,657:INFO:certbot.main:Renewing an existing certificate
2017-07-18 00:30:43,657:DEBUG:root:Requesting fresh nonce
2017-07-18 00:30:43,657:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2017-07-18 00:30:43,730:DEBUG:urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2017-07-18 00:30:43,731:DEBUG:root:Received <Response [405]>. Headers: {'content-length': '91', 'pragma': 'no-cache', 'boulder-request-id': 'ABjVwhCaFq9X51vsinj1yLdTgGT1eM1AF4kE9vZcong', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'allow': 'POST', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Tue, 18 Jul 2017 00:28:47 GMT', 'content-type': 'application/problem+json', 'replay-nonce': 'nBKyATI3pySvtph75JtKjl20-APYfqax_lvq8cRhSbA'}. Content: ''
2017-07-18 00:30:43,731:DEBUG:acme.client:Storing nonce: '\x9c\x12\xb2\x0127\xa7$\xaf\xb6\x98{\xe4\x9bJ\x8e]\xb4\xf8\x03\xd8~\xa6\xb1\xfe[\xea\xf1\xc4aI\xb0'
2017-07-18 00:30:43,732:DEBUG:acme.jose.json_util:Omitted empty fields: status=None, combinations=None, expires=None, challenges=None
2017-07-18 00:30:43,732:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "curted.com"}, "resource": "new-authz"}
2017-07-18 00:30:43,733:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-07-18 00:30:43,735:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-07-18 00:30:43,735:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "y_aEA2FmE5k4L5UrJj1Zbiq0Fdm0XdilAfmgARh-Eg13prxKasf8UHy2EOIgQ0awyOzv6VW2wEH_dQVtTT_BP5IPD6OEiE2ZzFgljWHk0K8lJghX3E9NGEUA2Cd8GQiwiPo_1q2IycKEnA4p-8t20lbnF-rHTJMup-FAnajrdi5O6T7teWh8lPD0usJBDlcs4rKw-KC5jj_eIihPBuN0hA4l1pnR_cFwj1zmjdTvqfbxCtT5wofShru9-kXDvwszD537LEku4AYdwKbs36WcxOzliHfD0fd8hDvyIifaPOmnCN79GWaH8y0CNIXVJesBzepR-7dkbgVQFElHPSwlsw"}}, "protected": "eyJub25jZSI6ICJuQkt5QVRJM3B5U3Z0cGg3NUp0S2psMjAtQVBZZnFheF9sdnE4Y1JoU2JBIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJjdXJ0ZWQuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "XoHVjkS4LQRCpZc3fa46Zyn9g4JgN7rVO9qLlmp2HdUhnnBzt2vVUE7L247boZ4cGbEQVUXT7pCDAx3Seq38_mnKuT_C2T44IvxbwNMX3zh8K5X3R3QmnqQ4UrRWbmggLcNojKady-vi547nfTMDIn8gUb0GmhbYg3o_j01cuFa17-8tv8UzFENzS3dvEwT9x2qgXRHubUQjhQPDu4QUeQWK2mFBuidF3-YAiFsZLYN3hyKrNdunMPeCMVAunwew_h4PImbmFGD2uB8RR3APao_qvezyyrnr17UcEHiG7Hr-LzxpgcI5Vm6ejpOQeEoSR591qYIma_N6l3KZ1YiNXQ"}'}
2017-07-18 00:30:43,819:DEBUG:urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1476
2017-07-18 00:30:43,820:DEBUG:root:Received <Response [201]>. Headers: {'content-length': '1476', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 
2017-07-18 00:30:43,820:DEBUG:acme.client:Storing nonce: 'f{\\\xe1\x1b-Q\x8a\xd0t|\x04P\x0fv\xe5#\x84\xfcF\xe8\xda\xe4MOx83[\x17Uv'
2017-07-18 00:30:43,820:DEBUG:acme.client:Received response <Response [201]> (headers: {'content-length': '1476', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 
2017-07-18 00:30:43,821:INFO:certbot.auth_handler:Performing the following challenges:
2017-07-18 00:30:43,821:INFO:certbot.auth_handler:http-01 challenge for curted.com
2017-07-18 00:30:43,821:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /home/admin/Documents/WebApps/curted.com/.well-known/acme-challenge
2017-07-18 00:30:43,824:DEBUG:certbot.plugins.webroot:Attempting to save validation to /home/admin/Documents/WebApps/curted.com/.well-known/acme-challenge/SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4
2017-07-18 00:30:43,825:INFO:certbot.auth_handler:Waiting for verification...
2017-07-18 00:30:43,825:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4.34gD3S1NIp1i1U4s6Q3oreZuaBLpq8nZ9QM2D8tK4qQ", "type": "http-01", "resource": "challenge"}
2017-07-18 00:30:43,826:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-07-18 00:30:43,828:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-07-18 00:30:43,828:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "y_aEA2FmE5k4L5UrJj1Zbiq0Fdm0XdilAfmgARh-Eg13prxKasf8UHy2EOIgQ0awyOzv6VW2wEH_dQVtTT_BP5IPD6OEiE2ZzFgljWHk0K8lJghX3E9NGEUA2Cd8GQiwiPo_1q2IycKEnA4p-8t20lbnF-rHTJMup-FAnajrdi5O6T7teWh8lPD0usJBDlcs4rKw-KC5jj_eIihPBuN0hA4l1pnR_cFwj1zmjdTvqfbxCtT5wofShru9-kXDvwszD537LEku4AYdwKbs36WcxOzliHfD0fd8hDvyIifaPOmnCN79GWaH8y0CNIXVJesBzepR-7dkbgVQFElHPSwlsw"}}, "protected": "eyJub25jZSI6ICJabnRjNFJzdFVZclFkSHdFVUE5MjVTT0VfRWJvMnVSTlQzZzRNMXNYVlhZIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlNYQXR5Q0pSLUc5WThNZC1odFZPcWRuUFo2aVZjSUhrVUsyVFFjaHozYTQuMzRnRDNTMU5JcDFpMVU0czZRM29yZVp1YUJMcHE4blo5UU0yRDh0SzRxUSIsICJ0eXBlIjogImh0dHAtMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "utbMFHWjGKVq6oVFR1i9JYDZIKdoPqCu2tHaYbVeygNOB9X2tibPaX2bY3yNvR17VBaAsafpiKxD2Q-IjmEjMR7G8dx0UwDKvkdjr3acLurPP9g6jqHuVnGbOXRPHJ-W9SF_u7heF9cf5-GxMcDfd2DOPEvpE65y620SDyDeZ_-pu7KO_cSmhQ2zK8jnj9XCz2KR1uvlK114_ja3jZA8AHTXWr4UhkltERpZQRjdodzO5GI0iQ3qzzhYE2StX3-95XT5thvoHOBG-1sTEpQoL1iOicbMWbfDUUBJXtGfQ5ANrNA6Um71ZYJfrl8bmrlXZNry0pX6_maIL8GgyVLreA"}'}
2017-07-18 00:30:43,903:DEBUG:urllib3.connectionpool:"POST /acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167 HTTP/1.1" 202 661
2017-07-18 00:30:43,904:DEBUG:root:Received <Response [202]>. Headers: {'content-length': '661', 'boulder-request-id': 'LQk9GR3W96ab9PiDQRAxs5PdQCQd_waXbS4Tg8LN6NY', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 'server': 'nginx', 'cache-control': 'max-age=0, no-cache, no-store', 'connection': 'keep-alive', 'link': '<https://acme-v01.api.letsencrypt.org/acme/authz/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk>;rel="up"', 'location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167', 'pragma': 'no-cache', 'boulder-requester': '11708617', 'date': 'Tue, 18 Jul 2017 00:28:47 GMT', 'content-type': 'application/json', 'replay-nonce': 'ncYkxB2WEFqSPhJqMasYVoK4bRFYCeNmPsTkTVwbSGo'}. Content: '{\n  "type": "http-01",\n  "status": "valid",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167",\n  "token": "SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4",\n  "keyAuthorization": "SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4.34gD3S1NIp1i1U4s6Q3oreZuaBLpq8nZ9QM2D8tK4qQ",\n  "validationRecord": [\n    {\n      "url": "http://curted.com/.well-known/acme-challenge/SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4",\n      "hostname": "curted.com",\n      "port": "80",\n      "addressesResolved": [\n        "34.196.130.249"\n      ],\n      "addressUsed": "34.196.130.249",\n      "addressesTried": []\n    }\n  ]\n}'
2017-07-18 00:30:43,904:DEBUG:acme.client:Storing nonce: '\x9d\xc6$\xc4\x1d\x96\x10Z\x92>\x12j1\xab\x18V\x82\xb8m\x11X\t\xe3f>\xc4\xe4M\\\x1bHj'
2017-07-18 00:30:43,904:DEBUG:acme.client:Received response <Response [202]> (headers: {'content-length': '661', 'boulder-request-id': 'LQk9GR3W96ab9PiDQRAxs5PdQCQd_waXbS4Tg8LN6NY', 'expires': 'Tue, 18 Jul 2017 00:28:47 GMT', 'server': 'nginx', 'cache-control': 'max-age=0, no-cache, no-store', 'connection': 'keep-alive', 'link': '<https://acme-v01.api.letsencrypt.org/acme/authz/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk>;rel="up"', 'location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167', 'pragma': 'no-cache', 'boulder-requester': '11708617', 'date': 'Tue, 18 Jul 2017 00:28:47 GMT', 'content-type': 'application/json', 'replay-nonce': 'ncYkxB2WEFqSPhJqMasYVoK4bRFYCeNmPsTkTVwbSGo'}): '{\n  "type": "http-01",\n  "status": "valid",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk/1426656167",\n  "token": "SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4",\n  "keyAuthorization": "SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4.34gD3S1NIp1i1U4s6Q3oreZuaBLpq8nZ9QM2D8tK4qQ",\n  "validationRecord": [\n    {\n      "url": "http://curted.com/.well-known/acme-challenge/SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4",\n      "hostname": "curted.com",\n      "port": "80",\n      "addressesResolved": [\n        "34.196.130.249"\n      ],\n      "addressUsed": "34.196.130.249",\n      "addressesTried": []\n    }\n  ]\n}'
2017-07-18 00:30:46,907:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk. args: (), kwargs: {}
2017-07-18 00:30:46,981:DEBUG:urllib3.connectionpool:"GET /acme/authz/L2O3iL_yL4_anPXV-jXNcEHe5_soVRJnG6dWXHHh-Xk HTTP/1.1" 200 1476
2017-07-18 00:30:46,981:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '1476', 'expires': 'Tue, 18 Jul 2017 00:28:50 GMT', 
2017-07-18 00:30:46,981:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '1476', 'expires': 'Tue, 18 Jul 2017 00:28:50 GMT',
2017-07-18 00:30:46,982:INFO:certbot.auth_handler:Cleaning up challenges
2017-07-18 00:30:46,982:DEBUG:certbot.plugins.webroot:Removing /home/admin/Documents/WebApps/curted.com/.well-known/acme-challenge/SXAtyCJR-G9Y8Md-htVOqdnPZ6iVcIHkUK2TQchz3a4
2017-07-18 00:30:46,982:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /home/admin/Documents/WebApps/curted.com/.well-known/acme-challenge
2017-07-18 00:30:47,133:INFO:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0094_key-certbot.pem
2017-07-18 00:30:47,136:INFO:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0094_csr-certbot.pem
2017-07-18 00:30:47,136:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/0094_csr-certbot.pem', data='0\x82\x02\x820\x82\x01j\x02\x01\x020\x151\x130\x11\x06\x03U\x04\x03\x0c\ncurted.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\x9c\x0f\xe7v\xf8\xa4\xde\x04Gdx\xda\xde \xd5\x87>\xa28\x06\x0c\xfa\xbaq.\xef\x16|OL\xc5\x12\xa0I\xbd\x87\xed.hz\xd2,\xc3\\\xd8\xf2\xfbU\x12Ir\xf35\xf3\x90l6;\xe7\xbf8Y#\xa5w\x18\x98;\x02\x8eu\xcbWD\x8a\x8f\x18b\xf3EX\x08?\x8fIx\xc2\xc0Ng\'\xb6\xe1\xef\x01\xcd\xc0\xa7\xc6\xbd-\xc9\xcbI\xa0\x07\xb2,\xe1\x141\xf8y\x17\xdau\x06\x99\xa6Y\xb2TBC>a\xde\xf9\xb2&l\xf3\x0b1\x1d\xdb\x82\x99~\xef\x00~Sx^\x1b\x86\xc5Mm\xa0{\xf1$n\x1a\xf6O\xa8\x06\xc23\xd94B\x8d\xec\xb7\xc0*\xfd\x07g\x9d\xd7\xd2\xaf\xb0\x95\xc2\xc9Ux\xab\xb6$F\xa5l=<\x8a6\x93\xc7:\xdcB\xf2$\rJ\x1en^/\xe2<\x02\xd5\x05\x02\xad\xeb\x92=\x9er\xa7\x05i\x9f\xfe\r2\x85\x1b\xbfQ\xa8,\xcej\xc6D=w\xfb\x99^$\x87\xca>\x17\xb2\xd2\x1a\xdd\x89\x93\xda\xe2>\x08G\x02\x03\x01\x00\x01\xa0(0&\x06\t*\x86H\x86\xf7\r\x01\t\x0e1\x190\x170\x15\x06\x03U\x1d\x11\x04\x0e0\x0c\x82\ncurted.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x84O\x94\xc4\xf6\xa2\xdc\xa9\xe0C\x07{\xae\n\xc98\xaev\x81\xa4\x8e\xe6\xf5\xf0\x84\x17m\xb1\xacf\xad\xee\xabO\x1fx$\xf9u\xc7\xc2\xd0t*b-\x00\xba7:\\\xcd\xa7\x1e\xba%@\xaf#\xb0&F\xa2\x00\x90\xd6\xa7.\x88\x8f]\xfbK\xa2?\x86~of\x9d\xd0J!\xadA\xf1\xb6_\xf5\xdf\x86\x1aY\x1f\xc3\xfeJ8G\xcc\xe1\xf5\x7f\xd1\xd9Y\x07\xc2H\xaa\x96\xae\xe79\xbbT\xf9<\xe4\xb5\xf0\xf2I\x90\xff\xa3\x8av\xff+NCFp\x1e\x00.\xf4\xcc\x02\x84\x91\xf0\x0f\xdd+Y\xe6b^\xd8kX\x87A\xe1\xd5\x9c\xcc\xfeu:^\xe2\xa0\x0b\x08N\xaa2\x13\xc5\x19O\x92\x9c\xce\xbd\xf3S\xc6"AL<IG\x84\x1c\nI\xb7\x8b9\x83\xa1\xa7S\n\xd2\xe7\x92\x11d\xd3\x8c=E\xabf\xbe\x08\xb2\x9ab:\x8c\xe3\x17\xdds\x82F\x91\x19h1\x08\x91NYE\x86\x95\x8d?\x10\xac\xa7\x8bq\xd7\xe7\x93\xa8w\x95\'\xbc\x1a/\r\x9a\xe7v\xa6', form='der'), domains: [u'curted.com']
2017-07-18 00:30:47,137:DEBUG:acme.client:Requesting issuance...
2017-07-18 00:30:47,137:DEBUG:acme.client:Serialized JSON: {"resource": "new-cert", "csr": "MIICgjCCAWoCAQIwFTETMBEGA1UEAwwKY3VydGVkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwP53b4pN4ER2R42t4g1Yc-ojgGDPq6cS7vFnxPTMUSoEm9h-0uaHrSLMNc2PL7VRJJcvM185BsNjvnvzhZI6V3GJg7Ao51y1dEio8YYvNFWAg_j0l4wsBOZye24e8BzcCnxr0tyctJoAeyLOEUMfh5F9p1BpmmWbJUQkM-Yd75siZs8wsxHduCmX7vAH5TeF4bhsVNbaB78SRuGvZPqAbCM9k0Qo3st8Aq_QdnndfSr7CVwslVeKu2JEalbD08ijaTxzrcQvIkDUoebl4v4jwC1QUCreuSPZ5ypwVpn_4NMoUbv1GoLM5qxkQ9d_uZXiSHyj4XstIa3YmT2uI-CEcCAwEAAaAoMCYGCSqGSIb3DQEJDjEZMBcwFQYDVR0RBA4wDIIKY3VydGVkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAhE-UxPai3KngQwd7rgrJOK52gaSO5vXwhBdtsaxmre6rTx94JPl1x8LQdCpiLQC6NzpczaceuiVAryOwJkaiAJDWpy6Ij137S6I_hn5vZp3QSiGtQfG2X_XfhhpZH8P-SjhHzOH1f9HZWQfCSKqWruc5u1T5POS18PJJkP-jinb_K05DRnAeAC70zAKEkfAP3StZ5mJe2GtYh0Hh1ZzM_nU6XuKgCwhOqjITxRlPkpzOvfNTxiJBTDxJR4QcCkm3izmDoadTCtLnkhFk04w9RatmvgiymmI6jOMX3XOCRpEZaDEIkU5ZRYaVjT8QrKeLcdfnk6h3lSe8Gi8Nmud2pg"}
2017-07-18 00:30:47,138:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, cty=None, x5t=None, alg=None, x5tS256=None, x5u=None, kid=None, jwk=None
2017-07-18 00:30:47,140:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2017-07-18 00:30:47,140:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-cert. args: (), kwargs: {'headers': {'Accept': 'application/pkix-cert'}, 'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "y_aEA2FmE5k4L5UrJj1Zbiq0Fdm0XdilAfmgARh-Eg13prxKasf8UHy2EOIgQ0awyOzv6VW2wEH_dQVtTT_BP5IPD6OEiE2ZzFgljWHk0K8lJghX3E9NGEUA2Cd8GQiwiPo_1q2IycKEnA4p-8t20lbnF-rHTJMup-FAnajrdi5O6T7teWh8lPD0usJBDlcs4rKw-KC5jj_eIihPBuN0hA4l1pnR_cFwj1zmjdTvqfbxCtT5wofShru9-kXDvwszD537LEku4AYdwKbs36WcxOzliHfD0fd8hDvyIifaPOmnCN79GWaH8y0CNIXVJesBzepR-7dkbgVQFElHPSwlsw"}}, "protected": "eyJub25jZSI6ICJuY1lreEIyV0VGcVNQaEpxTWFzWVZvSzRiUkZZQ2VObVBzVGtUVndiU0dvIn0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ2dqQ0NBV29DQVFJd0ZURVRNQkVHQTFVRUF3d0tZM1Z5ZEdWa0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKd1A1M2I0cE40RVIyUjQydDRnMVljLW9qZ0dEUHE2Y1M3dkZueFBUTVVTb0VtOWgtMHVhSHJTTE1OYzJQTDdWUkpKY3ZNMTg1QnNOanZudnpoWkk2VjNHSmc3QW81MXkxZEVpbzhZWXZORldBZ19qMGw0d3NCT1p5ZTI0ZThCemNDbnhyMHR5Y3RKb0FleUxPRVVNZmg1RjlwMUJwbW1XYkpVUWtNLVlkNzVzaVpzOHdzeEhkdUNtWDd2QUg1VGVGNGJoc1ZOYmFCNzhTUnVHdlpQcUFiQ005azBRbzNzdDhBcV9RZG5uZGZTcjdDVndzbFZlS3UySkVhbGJEMDhpamFUeHpyY1F2SWtEVW9lYmw0djRqd0MxUVVDcmV1U1BaNXlwd1Zwbl80Tk1vVWJ2MUdvTE01cXhrUTlkX3VaWGlTSHlqNFhzdElhM1ltVDJ1SS1DRWNDQXdFQUFhQW9NQ1lHQ1NxR1NJYjNEUUVKRGpFWk1CY3dGUVlEVlIwUkJBNHdESUlLWTNWeWRHVmtMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWhFLVV4UGFpM0tuZ1F3ZDdyZ3JKT0s1MmdhU081dlh3aEJkdHNheG1yZTZyVHg5NEpQbDF4OExRZENwaUxRQzZOenBjemFjZXVpVkFyeU93SmthaUFKRFdweTZJajEzN1M2SV9objV2WnAzUVNpR3RRZkcyWF9YZmhocFpIOFAtU2poSHpPSDFmOUhaV1FmQ1NLcVdydWM1dTFUNVBPUzE4UEpKa1AtamluYl9LMDVEUm5BZUFDNzB6QUtFa2ZBUDNTdFo1bUplMkd0WWgwSGgxWnpNX25VNlh1S2dDd2hPcWpJVHhSbFBrcHpPdmZOVHhpSkJURHhKUjRRY0NrbTNpem1Eb2FkVEN0TG5raEZrMDR3OVJhdG12Z2l5bW1JNmpPTVgzWE9DUnBFWmFERUlrVTVaUllhVmpUOFFyS2VMY2Rmbms2aDNsU2U4R2k4Tm11ZDJwZyJ9", "signature": "mRPO3xHjxTGFXxML9okWqVtC3jM5L8gVfF8lIx4NV4J5LPf3WkD0mKJf6ixOjMR_lqp2l-xnpOGciALqBn0rBtwklS2KR2n2_zMEY8GGfugf2jsSlXb_heeYv-OEaCnql1-JpDhgvud6wxX9zUsHWVZ--vcgHZ0Z4-ptWUka-p0nkgRTvYt-fQNhAxO2yrThCywVlXF4xoIbj2vWAU1hAAD3nPPE0XYSOqaNHgbZnQz8tZiuf2p-WRUwFWqiELlO70Ez2qf04RAaAPAB_tWvEKKOO1MUBEnaF49PHgKxmgRiJdCWAUy1ehz384bWds4GDZkgpGf3te6AbckSMtf90g"}'}
2017-07-18 00:30:47,246:DEBUG:urllib3.connectionpool:"POST /acme/new-cert HTTP/1.1" 201 1275
2017-07-18 00:30:47,247:DEBUG:root:Received <Response [201]>. Headers: {'content-length': '1275', 'expires': 'Tue, 18 Jul 2017 00:28:51 GMT',
2017-07-18 00:30:47,247:DEBUG:acme.client:Storing nonce: '\\\xd4H:\xa4\xdc\xb7Q\xa3\xeb\xea\xcc\x1b\r\x90\xe2\x04;\x86\xd5\x1d\x83!\xaa\xd4\x02E\xb3?\x1b\x1b\x90' 
2017-07-18 00:30:47,247:DEBUG:acme.client:Received response <Response [201]> (headers: {'content
2017-07-18 00:30:47,264:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/issuer-cert. args: (), kwargs: {'headers': {'Accept': 'application/pkix-cert'}}
2017-07-18 00:30:47,331:DEBUG:urllib3.connectionpool:"GET /acme/issuer-cert HTTP/1.1" 200 1174
2017-07-18 00:30:47,331:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '1174', 'expires': 'Tue, 18 Jul 2017 00:28:51 GMT',
2017-07-18 00:30:47,332:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '1174', 'expires': 'Tue, 18 Jul 2017 00:28:51 GMT', 
2017-07-18 00:30:47,343:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/curted.com/privkey3.pem.
2017-07-18 00:30:47,343:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/curted.com/cert3.pem.
2017-07-18 00:30:47,343:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/curted.com/chain3.pem.
2017-07-18 00:30:47,344:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/curted.com/fullchain3.pem.
2017-07-18 00:30:47,885:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/curted.com.conf.new.
2017-07-18 00:30:47,888:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-07-18 00:30:47,888:DEBUG:parsedatetime:CRE_UNITS matched
2017-07-18 00:30:47,889:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-07-18 00:30:47,889:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-07-18 00:30:47,889:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-07-18 00:30:47,889:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=7, tm_mday=18, tm_hour=0, tm_min=30, tm_sec=47, tm_wday=1, tm_yday=199, tm_isdst=0))
2017-07-18 00:30:47,889:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-07-18 00:30:47,889:DEBUG:parsedatetime:units days --> realunit days
2017-07-18 00:30:47,889:DEBUG:parsedatetime:return
2017-07-18 00:30:47,889:INFO:certbot.renewal:Cert not yet due for renewal
2017-07-18 00:30:47,891:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-07-18 00:30:47,891:DEBUG:parsedatetime:CRE_UNITS matched
2017-07-18 00:30:47,891:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-07-18 00:30:47,891:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-07-18 00:30:47,891:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-07-18 00:30:47,891:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=7, tm_mday=18, tm_hour=0, tm_min=30, tm_sec=47, tm_wday=1, tm_yday=199, tm_isdst=0))
2017-07-18 00:30:47,891:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-07-18 00:30:47,891:DEBUG:parsedatetime:units days --> realunit days
2017-07-18 00:30:47,891:DEBUG:parsedatetime:return
2017-07-18 00:30:47,891:INFO:certbot.renewal:Cert not yet due for renewal
2017-07-18 00:30:47,893:DEBUG:parsedatetime:parse (top of loop): [30 days][]
2017-07-18 00:30:47,893:DEBUG:parsedatetime:CRE_UNITS matched
2017-07-18 00:30:47,893:DEBUG:parsedatetime:parse (bottom) [][30 days][][]
2017-07-18 00:30:47,893:DEBUG:parsedatetime:weekday False, dateStd False, dateStr False, time False, timeStr False, meridian False
2017-07-18 00:30:47,893:DEBUG:parsedatetime:dayStr False, modifier False, modifier2 False, units True, qunits False
2017-07-18 00:30:47,894:DEBUG:parsedatetime:_evalString(30 days, time.struct_time(tm_year=2017, tm_mon=7, tm_mday=18, tm_hour=0, tm_min=30, tm_sec=47, tm_wday=1, tm_yday=199, tm_isdst=0))
2017-07-18 00:30:47,894:DEBUG:parsedatetime:_buildTime: [30 ][][days]
2017-07-18 00:30:47,894:DEBUG:parsedatetime:units days --> realunit days
2017-07-18 00:30:47,894:DEBUG:parsedatetime:return
2017-07-18 00:30:47,894:INFO:certbot.renewal:Cert not yet due for renewal
2017-07-18 00:30:47,894:DEBUG:certbot.renewal:no renewal failures

Which shows that the cert is being updated, at least as far as I can see. One thing that I noticed is how the certs are linked:

admin@ip-172-31-62-165:/etc/letsencrypt$ sudo ls -la live/curted.com
total 8
drwxr-xr-x 2 root root 4096 Jul 18 00:30 .
drwx------ 6 root root 4096 Apr  2 12:03 ..
lrwxrwxrwx 1 root root   39 Jul 18 00:30 cert.pem -> ../../archive/curted.com-0001/cert2.pem
lrwxrwxrwx 1 root root   40 Jul 18 00:30 chain.pem -> ../../archive/curted.com-0001/chain2.pem
lrwxrwxrwx 1 root root   44 Jul 18 00:30 fullchain.pem -> ../../archive/curted.com-0001/fullchain2.pem
lrwxrwxrwx 1 root root   42 Jul 18 00:30 privkey.pem -> ../../archive/curted.com-0001/privkey2.pem
admin@ip-172-31-62-165:/etc/letsencrypt$ sudo ls -la live/david.gatti.pl
total 8
drwxr-xr-x 2 root root 4096 Jun 26 20:16 .
drwx------ 6 root root 4096 Apr  2 12:03 ..
lrwxrwxrwx 1 root root   38 Jun 26 20:16 cert.pem -> ../../archive/david.gatti.pl/cert2.pem
lrwxrwxrwx 1 root root   39 Jun 26 20:16 chain.pem -> ../../archive/david.gatti.pl/chain2.pem
lrwxrwxrwx 1 root root   43 Jun 26 20:16 fullchain.pem -> ../../archive/david.gatti.pl/fullchain2.pem
lrwxrwxrwx 1 root root   41 Jun 26 20:16 privkey.pem -> ../../archive/david.gatti.pl/privkey2.pem
admin@ip-172-31-62-165:/etc/letsencrypt$ sudo ls -la live/mrwhitellc.com

The cert for curted.com have this 0001 appended - could this be the problem?

8

Yes, did you partially delete or rearrange the contents of /etc/letsencrypt at some point?

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.