Issue renewing certficate

mijo · October 12, 2020, 4:18pm

is this a matter of trying everyday ?
domain vorman.mooo.com

root@vorman:~/lets# ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/vorman.mooo.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert (vorman.mooo.com) from /etc/letsencrypt/renewal/vorman.mooo.com.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vorman.mooo.com/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/vorman.mooo.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
strong text

rg305 · October 12, 2020, 4:32pm

Although the domain mooo.com seems to be a free DDNS domain, it is not found in the PSL.
You might want to switch to a free domain that is [to avoid other related problems in the future].

However, "too many failed authorizations recently" is an indication of a completely different problem most likely directly related to the ACME client in use (or one of the underlying components).

I would strongly recommend that, if possible, you switch from certbot-auto to certbot via snapd.

griffin · October 13, 2020, 2:10am

This is the Let's Encrypt CA letting you know that you've run certbot too many times trying to acquire a certificate without satisfying the selected challenge(s) (e.g. http-01, dns-01).

You can add --dry-run to your certbot certonly and certbot renew commands to test using the staging servers, which issue false certificates and have much higher rate limits.

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently.