I cant renew my ssl cert

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pomorze.travel

I ran this command: certbot renew
It produced this output:

Attempting to renew cert (pomorze.travel) from /etc/letsencrypt/renewal/pomorze.travel.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: bory-tucholskie.pomorze.travel,gdansk.travel,kaszuby.pomorze.travel,kociewie.pomorze.travel,nadmorzem.pomorze.travel,pomorze.travel,powisle.pomorze.travel,sopot.travel,swinoujscie.pomorze.travel,www.bory-tucholskie.pomorze.travel,www.gdansk.travel,www.kaszuby.pomorze.travel,www.kociewie.pomorze.travel,www.nadmorzem.pomorze.travel,www.pomorze.travel,www.powisle.pomorze.travel,www.sopot.travel,www.swinoujscie.pomorze.travel,www.zulawy.pomorze.travel,zulawy.pomorze.travel: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/pomorze.travel/fullchain.pem (failure)

My web server is (include version): node js 10.15.3 and framework express

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is: ovh.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.37.2

MY PROBLEM: I was trying to renew the certificate but my port 80 was not available. Five times I tried renew the certificate and I get automatically respond that my new certificate is out of limit. Then I downloaded CRT file from the site: https://crt.sh/?d=2615366961 but this certificate is not ‘trusted’. Is it possible to update my PM files with the downloaded certificate which is not trusted? Do I need to wait 7 days for another chance to update this by myself. Maybe cetbot doesnt understand the procedure and maybe I need to do something by myself now. Can I renew my PM files related to SSL without the trusted certificate?

I am programmer and in the field of the servers I am absolutely beginner.

I am looking forward to hearing from you,
Michael

1 Like
3

Hi @cassubian

you didn't try it. Your error message says, you have renewed your certificate.

So you have 5 identical certificates.

Please use one of these.

PS: This

is a correct leaf certificate, so you can use it. But you need the private key.

1 Like
4

Hi @JuergenAuer,

thank you very much for your answer.

I would like to ask you how can I generate the private key?

For the correct working SSL certificate I need three more files: privkey.pem, cert.pem and chain.pem.

My SSL configuration at my server is:

const privateKey = fs.readFileSync('/etc/letsencrypt/live/pomorze.travel/privkey.pem', 'utf8'),

certificate = fs.readFileSync('/etc/letsencrypt/live/pomorze.travel/cert.pem', 'utf8'),

ca = fs.readFileSync('/etc/letsencrypt/live/pomorze.travel/chain.pem', 'utf8'),

Can I generate those three files by the CRT file or cerbot?

If you know how to do this I would be very thankful, I don't know how to get those three files by using the Cert file. I have also another question- can I copy the new generated pem files to the directories written above.

I'm looking forward to hearing from you,

Michael

1 Like
5

You can't. If you have deleted the private keys, you have to wait. That's how certificates work.

Deleting certificates is always wrong.

1 Like
6

I haven’t deleted the key, I have copies

1 Like
7

Where are those copies located?

8

const privateKey = fs.readFileSync(’/etc/letsencrypt/live/pomorze.travel/privkey.pem’, ‘utf8’)

this is the path where the key is stored

1 Like
9

could you please help me?

10

And you’re saying that that file still exists? You can see its contents with cat or something? (don’t post them here because they are supposed to be kept secret)

If so, what error do you get when your application tries to read the file?

13

I have no error I have a file with the crt extension I need to get privkey.pem, cert.pem, chain.pem. I do not know how to do this. when I try to connect through the https protocol I receive a message The connection is not private

14

I’m confused by this just because I thought earlier you said that you already have a copy of privkey.pem, unless I misunderstood you. You were saying that you already had a copy of the private key.

@JuergenAuer’s point before is that if you don’t have the private key, you can’t regenerate it—it’s secret information that only exists on your server, and can’t practically be derived from public information. That’s what makes the certificate meaningful, because it refers to a key that only you possess, and therefore your possession of that key can be used by others to confirm your identity.

15

What’s the output of

certbot certificates

(or certbot-auto certificates, if you use certbot-auto)

16

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/pomorze.travel/cert.pem is unknown

Found the following certs:
Certificate Name: pomorze.travel
Domains: pomorze.travel bory-tucholskie.pomorze.travel gdansk.travel kaszuby.pomorze.travel kociewie.pomorze.travel nadmorzem.pomorze.travel powisle.pomorze.travel sopot.travel swinoujscie.pomorze.travel www.bory-tucholskie.pomorze.travel www.gdansk.travel www.kaszuby.pomorze.travel www.kociewie.pomorze.travel www.nadmorzem.pomorze.travel www.pomorze.travel www.powisle.pomorze.travel www.sopot.travel www.swinoujscie.pomorze.travel www.zulawy.pomorze.travel zulawy.pomorze.travel
Expiry Date: 2020-03-22 10:17:00+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/pomorze.travel/fullchain.pem
Private Key Path: /etc/letsencrypt/live/pomorze.travel/privkey.pem

17

Checking your domain via pomorze.travel - Make your website better - DNS, redirects, mixed content, certificates

You have created 5 identical certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-03-23 2020-06-21 bory-tucholskie.pomorze.travel, gdansk.travel, kaszuby.pomorze.travel, kociewie.pomorze.travel, nadmorzem.pomorze.travel, pomorze.travel, powisle.pomorze.travel, sopot.travel, swinoujscie.pomorze.travel, www.bory-tucholskie.pomorze.travel, www.gdansk.travel, www.kaszuby.pomorze.travel, www.kociewie.pomorze.travel, www.nadmorzem.pomorze.travel, www.pomorze.travel, www.powisle.pomorze.travel, www.sopot.travel, www.swinoujscie.pomorze.travel, www.zulawy.pomorze.travel, zulawy.pomorze.travel - 20 entries duplicate nr. 5 next Letsencrypt certificate: 2020-03-30 07:05:38

If you have deleted these certificates, you have to wait:

next Letsencrypt certificate: 2020-03-30 07:05:38

18

Thank you. I didn’t delete those certificates, I just don’t know how to use them.

19

Then certbot certificates should show these.

No certificates visible -> where are these?

Other client?

20

i tried to use command cerbot renew but sth went wrong. I have an impression that the procedure was not completely finished, the port 80 at my server was unavailable. In the directory letsencrypt/keys i have pem files created in the same time when I tried the cerbot renewing.

21

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.