Install ssl issue

Help
1

I was trying to install ssl using certbot on this domain name.
But by my bad, I deleted the ssl config files from my server manually (not by running certbot command), so now when I try to install ssl again, I am getting this error.
I think this is because of my manual deleting.
Is there any way to delete the related data from server? Please help me :slight_smile:

My domain is: sn02.dstrackit.com

I ran this command: sudo certbot --nginx -d sn02.dstrackit.com

It produced this output: An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: sn02.dstrackit.com: see Rate Limits - Let's Encrypt

My web server is (include version): PHP 7.2

The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: nginx/1.18.0 (Ubuntu)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): putty

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

1 Like
2

Welcome to the Let's Encrypt Community :slightly_smiling_face:

Let's see what we have to work with...

What are the outputs of:

sudo nginx -T
sudo ls -lRa /etc/nginx
sudo ls -lRa /etc/letsencrypt
sudo certbot certificates

Please put 3 backticks above and below each output, like this:

```
output
```

1 Like
3

Thank you.
Here you go the outputs following your commands.
sudo nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

# configuration file /etc/nginx/sites-enabled/sn02.dstrackit.com:
server {
    listen 80;
    listen [::]:80;


    root /var/www/html/snipe-it/public;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name 35.178.67.147 sn02.dstrackit.com;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }


    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# configuration file /etc/nginx/fastcgi_params:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

sudo ls -lRa /etc/nginx

/etc/nginx:
total 72
drwxr-xr-x  8 root root 4096 Sep  8 22:14 .
drwxr-xr-x 98 root root 4096 Sep  8 22:05 ..
drwxr-xr-x  2 root root 4096 May 25 17:10 conf.d
-rw-r--r--  1 root root 1077 Feb  4  2019 fastcgi.conf
-rw-r--r--  1 root root 1007 Feb  4  2019 fastcgi_params
-rw-r--r--  1 root root 2837 Feb  4  2019 koi-utf
-rw-r--r--  1 root root 2223 Feb  4  2019 koi-win
-rw-r--r--  1 root root 3957 Feb  4  2019 mime.types
drwxr-xr-x  2 root root 4096 May 25 17:10 modules-available
drwxr-xr-x  2 root root 4096 Sep  8 21:36 modules-enabled
-rw-r--r--  1 root root 1490 Feb  4  2019 nginx.conf
-rw-r--r--  1 root root  180 Feb  4  2019 proxy_params
-rw-r--r--  1 root root  636 Feb  4  2019 scgi_params
drwxr-xr-x  2 root root 4096 Sep  8 22:10 sites-available
drwxr-xr-x  2 root root 4096 Sep  8 21:43 sites-enabled
drwxr-xr-x  2 root root 4096 Sep  8 21:36 snippets
-rw-r--r--  1 root root  664 Feb  4  2019 uwsgi_params
-rw-r--r--  1 root root 3071 Feb  4  2019 win-utf

/etc/nginx/conf.d:
total 8
drwxr-xr-x 2 root root 4096 May 25 17:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..

/etc/nginx/modules-available:
total 8
drwxr-xr-x 2 root root 4096 May 25 17:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..

/etc/nginx/modules-enabled:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 21:36 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
lrwxrwxrwx 1 root root   61 Sep  8 21:36 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
lrwxrwxrwx 1 root root   60 Sep  8 21:36 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
lrwxrwxrwx 1 root root   48 Sep  8 21:36 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
lrwxrwxrwx 1 root root   50 Sep  8 21:36 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf

/etc/nginx/sites-available:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 22:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
-rw-r--r-- 1 root root 2416 Mar 26  2020 default
-rw-r--r-- 1 root root  737 Sep  8 22:00 sn02.dstrackit.com

/etc/nginx/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 21:43 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
lrwxrwxrwx 1 root root   34 Sep  8 21:36 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root   45 Sep  8 21:43 sn02.dstrackit.com -> /etc/nginx/sites-available/sn02.dstrackit.com

/etc/nginx/snippets:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 21:36 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
-rw-r--r-- 1 root root  423 Feb  4  2019 fastcgi-php.conf
-rw-r--r-- 1 root root  217 Feb  4  2019 snakeoil.conf

sudo ls -lRa /etc/letsencrypt

/etc/nginx:
total 72
drwxr-xr-x  8 root root 4096 Sep  8 22:14 .
drwxr-xr-x 98 root root 4096 Sep  8 22:05 ..
drwxr-xr-x  2 root root 4096 May 25 17:10 conf.d
-rw-r--r--  1 root root 1077 Feb  4  2019 fastcgi.conf
-rw-r--r--  1 root root 1007 Feb  4  2019 fastcgi_params
-rw-r--r--  1 root root 2837 Feb  4  2019 koi-utf
-rw-r--r--  1 root root 2223 Feb  4  2019 koi-win
-rw-r--r--  1 root root 3957 Feb  4  2019 mime.types
drwxr-xr-x  2 root root 4096 May 25 17:10 modules-available
drwxr-xr-x  2 root root 4096 Sep  8 21:36 modules-enabled
-rw-r--r--  1 root root 1490 Feb  4  2019 nginx.conf
-rw-r--r--  1 root root  180 Feb  4  2019 proxy_params
-rw-r--r--  1 root root  636 Feb  4  2019 scgi_params
drwxr-xr-x  2 root root 4096 Sep  8 22:10 sites-available
drwxr-xr-x  2 root root 4096 Sep  8 21:43 sites-enabled
drwxr-xr-x  2 root root 4096 Sep  8 21:36 snippets
-rw-r--r--  1 root root  664 Feb  4  2019 uwsgi_params
-rw-r--r--  1 root root 3071 Feb  4  2019 win-utf

/etc/nginx/conf.d:
total 8
drwxr-xr-x 2 root root 4096 May 25 17:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..

/etc/nginx/modules-available:
total 8
drwxr-xr-x 2 root root 4096 May 25 17:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..

/etc/nginx/modules-enabled:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 21:36 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
lrwxrwxrwx 1 root root   61 Sep  8 21:36 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
lrwxrwxrwx 1 root root   60 Sep  8 21:36 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
lrwxrwxrwx 1 root root   48 Sep  8 21:36 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
lrwxrwxrwx 1 root root   50 Sep  8 21:36 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf

/etc/nginx/sites-available:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 22:10 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
-rw-r--r-- 1 root root 2416 Mar 26  2020 default
-rw-r--r-- 1 root root  737 Sep  8 22:00 sn02.dstrackit.com

/etc/nginx/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 21:43 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
lrwxrwxrwx 1 root root   34 Sep  8 21:36 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root   45 Sep  8 21:43 sn02.dstrackit.com -> /etc/nginx/sites-available/sn02.dstrackit.com

/etc/nginx/snippets:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 21:36 .
drwxr-xr-x 8 root root 4096 Sep  8 22:14 ..
-rw-r--r-- 1 root root  423 Feb  4  2019 fastcgi-php.conf
-rw-r--r-- 1 root root  217 Feb  4  2019 snakeoil.conf
ubuntu@ip-172-31-26-80:~$ ^C
ubuntu@ip-172-31-26-80:~$ sudo ls -lRa /etc/letsencrypt
/etc/letsencrypt:
total 48
drwxr-xr-x  7 root root 4096 Sep  8 22:14 .
drwxr-xr-x 98 root root 4096 Sep  8 22:05 ..
-rw-r--r--  1 root root   64 Sep  8 22:07 .updated-options-ssl-nginx-conf-digest.txt
-rw-r--r--  1 root root   64 Sep  8 22:07 .updated-ssl-dhparams-pem-digest.txt
drwxr-xr-x  3 root root 4096 Sep  8 22:07 accounts
-rw-r--r--  1 root root  121 Feb 11  2019 cli.ini
drwxr-xr-x  2 root root 4096 Sep  8 22:14 csr
drwx------  2 root root 4096 Sep  8 22:14 keys
-rw-r--r--  1 root root  742 Sep  8 22:07 options-ssl-nginx.conf
drwxr-xr-x  2 root root 4096 Sep  8 22:07 renewal
drwxr-xr-x  5 root root 4096 Sep  8 22:06 renewal-hooks
-rw-r--r--  1 root root  424 Sep  8 22:07 ssl-dhparams.pem

/etc/letsencrypt/accounts:
total 12
drwxr-xr-x 3 root root 4096 Sep  8 22:07 .
drwxr-xr-x 7 root root 4096 Sep  8 22:14 ..
drwxr-xr-x 3 root root 4096 Sep  8 22:07 acme-v02.api.letsencrypt.org

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org:
total 12
drwxr-xr-x 3 root root 4096 Sep  8 22:07 .
drwxr-xr-x 3 root root 4096 Sep  8 22:07 ..
drwx------ 3 root root 4096 Sep  8 22:07 directory

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory:
total 12
drwx------ 3 root root 4096 Sep  8 22:07 .
drwxr-xr-x 3 root root 4096 Sep  8 22:07 ..
drwx------ 2 root root 4096 Sep  8 22:07 2a268e3f587bcd1141807d09f7535b42

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/2a268e3f587bcd1141807d09f7535b42:
total 20
drwx------ 2 root root 4096 Sep  8 22:07 .
drwx------ 3 root root 4096 Sep  8 22:07 ..
-rw-r--r-- 1 root root  102 Sep  8 22:07 meta.json
-r-------- 1 root root 1632 Sep  8 22:07 private_key.json
-rw-r--r-- 1 root root   79 Sep  8 22:07 regr.json

/etc/letsencrypt/csr:
total 16
drwxr-xr-x 2 root root 4096 Sep  8 22:14 .
drwxr-xr-x 7 root root 4096 Sep  8 22:14 ..
-rw-r--r-- 1 root root  928 Sep  8 22:07 0000_csr-certbot.pem
-rw-r--r-- 1 root root  928 Sep  8 22:14 0001_csr-certbot.pem

/etc/letsencrypt/keys:
total 16
drwx------ 2 root root 4096 Sep  8 22:14 .
drwxr-xr-x 7 root root 4096 Sep  8 22:14 ..
-rw------- 1 root root 1704 Sep  8 22:07 0000_key-certbot.pem
-rw------- 1 root root 1708 Sep  8 22:14 0001_key-certbot.pem

/etc/letsencrypt/renewal:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 22:07 .
drwxr-xr-x 7 root root 4096 Sep  8 22:14 ..

/etc/letsencrypt/renewal-hooks:
total 20
drwxr-xr-x 5 root root 4096 Sep  8 22:06 .
drwxr-xr-x 7 root root 4096 Sep  8 22:14 ..
drwxr-xr-x 2 root root 4096 Sep  8 22:06 deploy
drwxr-xr-x 2 root root 4096 Sep  8 22:06 post
drwxr-xr-x 2 root root 4096 Sep  8 22:06 pre

/etc/letsencrypt/renewal-hooks/deploy:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 22:06 .
drwxr-xr-x 5 root root 4096 Sep  8 22:06 ..

/etc/letsencrypt/renewal-hooks/post:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 22:06 .
drwxr-xr-x 5 root root 4096 Sep  8 22:06 ..

/etc/letsencrypt/renewal-hooks/pre:
total 8
drwxr-xr-x 2 root root 4096 Sep  8 22:06 .
drwxr-xr-x 5 root root 4096 Sep  8 22:06 ..

sudo certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 Like
4

So, to just be clear and we all understand each other: you've had five certificates issued previously, had some trouble getting those certificates installed in nginx, ran into a rate limit and for some reason decided to delete 5 perfectly fine certificates?

Can you please post one of the log files from /var/log/letsencrypt/ which doesn't include the rate limit error? I.e.: from before that.

That won't help you with the current rate limit: those are written in stone and the individual rate limits cannot be nullified. But it can help us with your previous issue of cert installation.

2 Likes
5 
2021-09-08 22:06:44,284:DEBUG:certbot.main:certbot version: 0.40.0
2021-09-08 22:06:44,284:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'sn02.dstrackit.com']
2021-09-08 22:06:44,284:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-09-08 22:06:44,293:DEBUG:certbot.log:Root logging level set at 20
2021-09-08 22:06:44,293:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-09-08 22:06:44,294:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-09-08 22:06:44,294:DEBUG:certbot.plugins.selection:No candidate plugin
2021-09-08 22:06:44,294:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
2021-09-08 22:07:33,789:DEBUG:certbot.main:certbot version: 0.40.0
2021-09-08 22:07:33,790:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'sn02.dstrackit.com']
2021-09-08 22:07:33,790:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-09-08 22:07:33,798:DEBUG:certbot.log:Root logging level set at 20
2021-09-08 22:07:33,798:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-09-08 22:07:33,799:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-09-08 22:07:33,953:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f8ad2c9bac0>
Prep: True
2021-09-08 22:07:33,954:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7f8ad2c9bac0> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7f8ad2c9bac0>
2021-09-08 22:07:33,954:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-09-08 22:07:44,155:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-09-08 22:07:44,160:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-09-08 22:07:44,678:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-09-08 22:07:44,678:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 08 Sep 2021 22:07:44 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "aMgjpuwqWOc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-09-08 22:07:48,937:DEBUG:acme.client:Requesting fresh nonce
2021-09-08 22:07:48,937:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-09-08 22:07:49,072:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-09-08 22:07:49,073:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 08 Sep 2021 22:07:49 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001CwGH5ppxRgDzyrIQnsUmnKd9YMQ5jzEWKWEazw5hGFo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-09-08 22:07:49,073:DEBUG:acme.client:Storing nonce: 0001CwGH5ppxRgDzyrIQnsUmnKd9YMQ5jzEWKWEazw5hGFo
2021-09-08 22:07:49,073:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:silvertiger0321@gmail.com"\n  ],\n  "termsOfServiceAgreed": true,\n  "resource": "new-reg"\n}'
2021-09-08 22:07:49,077:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIjhvcGlKcjFEYWhuakhHSjV2dFpnWkFzc1k0ampGOFE3S1pWaFhvdnVjbl9MSURtVU9WUjlwUFY2RTNsMUdyWUR3ZEhtakhpNUJ6SjNDQmk5VVpaV1JXMjJ3bjNSM3l1NlN4bkU1OEI1c0tCd0kwNWhnOVNTT0VOeS1iSVI0ZllTemE5MUhC>
  "signature": "2nc4ZZaEJ9n6yMuBrGwgIcr0cqBb96TaItdGFVnfwwfMy67C708ZSbNvUYtPbUupk6ZnIsvqC0jpcooqNpQBSMwkRPP0VUt8jLPMAD9gWk_ec8FeFFHdNAqGvPfLzkg9GjnwdBkcVxfya68_LMDyh0_RFWA5edlX14o14zuwlB_euGGZvfODtSF8vLsdq_knI3oS-8cBaUCe1i-Xr-qJ2Pwmpqqc>
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpzaWx2ZXJ0aWdlcjAzMjFAZ21haWwuY29tIgogIF0sCiAgInRlcm1zT2ZTZXJ2aWNlQWdyZWVkIjogdHJ1ZSwKICAicmVzb3VyY2UiOiAibmV3LXJlZyIKfQ"
}
2021-09-08 22:07:49,554:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 568
2021-09-08 22:07:49,555:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 08 Sep 2021 22:07:49 GMT
Content-Type: application/json
Content-Length: 568
Connection: keep-alive
Boulder-Requester: 193229460
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/193229460
Replay-Nonce: 0002NTAHV2cZPZMprHLI0xYOvvFFz2NIJgPhABvfoJdqQ6A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "8opiJr1DahnjHGJ5vtZgZAssY4jjF8Q7KZVhXovucn_LIDmUOVR9pPV6E3l1GrYDwdHmjHi5BzJ3CBi9UZZWRW22wn3R3yu6SxnE58B5sKBwI05hg9SSOENy-bIR4fYSza91HBTUpEe9It3hp04kiemKer0faSvn1qyimPWVWBmux4w_QgGeU8b8sz524dgKen6VXija-yA02mg_WJbkajnulTQ_eI0UcJ>
    "e": "AQAB"
  },
  "contact": [
    "mailto:silvertiger0321@gmail.com"
  ],
  "initialIp": "35.178.67.147",
  "createdAt": "2021-09-08T22:07:49.387356094Z",
  "status": "valid"
}

2021-09-08 22:07:49,555:DEBUG:acme.client:Storing nonce: 0002NTAHV2cZPZMprHLI0xYOvvFFz2NIJgPhABvfoJdqQ6A
2021-09-08 22:07:49,562:DEBUG:certbot.reporter:Reporting to user: Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configurati>
2021-09-08 22:07:55,193:DEBUG:certbot.eff:Sending POST request to https://supporters.eff.org/subscribe/certbot:
{'data_type': 'json', 'email': 'silvertiger0321@gmail.com', 'form_id': 'eff_supporters_library_subscribe_form'}
2021-09-08 22:07:55,195:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): supporters.eff.org:443
2021-09-08 22:07:56,113:DEBUG:urllib3.connectionpool:https://supporters.eff.org:443 "POST /subscribe/certbot HTTP/1.1" 200 52
2021-09-08 22:07:56,114:DEBUG:certbot.eff:Received response:
b'{"status":false,"message":"Please try again later."}'
2021-09-08 22:07:56,115:DEBUG:certbot.reporter:Reporting to user: We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
2021-09-08 22:07:56,115:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f8ad2bf40a0>)>), contact=('>
2021-09-08 22:07:56,116:INFO:certbot.main:Obtaining a new certificate
2021-09-08 22:07:56,227:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
2021-09-08 22:07:56,229:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
2021-09-08 22:07:56,229:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sn02.dstrackit.com"\n    }\n  ]\n}'
2021-09-08 22:07:56,231:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTkzMjI5NDYwIiwgIm5vbmNlIjogIjAwMDJOVEFIVjJjWlBaTXBySExJMHhZT3Z2RkZ6Mk5JSmdQaEFCdmZvSmRxUTZBIiwgInVybCI6ICJodHRwczovL2FjbWUt>
  "signature": "OzusOp2WIhZC5RHUcikJYYoZsapu4NvhR9Q3Vd16GIbUv0s88Fj2PqWjor1zkNsTKvIzhCI2JM9i1xihktsMcfkIVN-61oAWH53oe00gr3-GW-yzNhOp6imAlRJt9MRKRbAeJMmISwTjcGhuDMAsra5y7NtN7u9Y53DPTrT8M_Ywl0qhsvS6N8H53sYskpCEpsPLMzmfqwYi5f96FAbggt2-Sil3>
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNuMDIuZHN0cmFja2l0LmNvbSIKICAgIH0KICBdCn0"
}
2021-09-08 22:07:56,404:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 274
2021-09-08 22:07:56,404:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Wed, 08 Sep 2021 22:07:56 GMT
Content-Type: application/problem+json
Content-Length: 274
Connection: keep-alive
Boulder-Requester: 193229460
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002wAcplpLpxJEtY4wQjxwC-o2CqKqSSKazKxirBbBy2pU

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: sn02.dstrackit.com: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
2021-09-08 22:07:56,404:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1132, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 863, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 666, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: sn0>
2021-09-08 22:07:56,409:ERROR:certbot.log:An unexpected error occurred:
2021-09-08 22:07:56,409:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: sn02.dstrackit.com: see >
2021-09-08 22:14:13,575:DEBUG:certbot.main:certbot version: 0.40.0
2021-09-08 22:14:13,575:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'sn02.dstrackit.com']
2021-09-08 22:14:13,575:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-09-08 22:14:13,583:DEBUG:certbot.log:Root logging level set at 20
2021-09-08 22:14:13,584:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-09-08 22:14:13,584:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-09-08 22:14:13,706:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7f9f49322a90>
Prep: True
...
6

That's a log with the rate limit.

2 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.