Keep current cert on localhost server

My domain is: malakan.co.uk

The operating system my web server runs on is (include version): Ubuntu 24.04.1 LTS

My hosting provider: localhost

I can login to a root shell on my machine (yes or no, or I don't know): no, but I'm using a laptop as a server so have direct root access anyway.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not sure, it's through Docker, so latest stable at a guess.

Using Docker Compose, I've been following this guide to set up Docker, nginx and Let's Encrypt with SSL.

I successfully reached the Configure HTTPS in NGINX step, but then HTTPS is where things have gone wrong for me.

With all my testing I have reached the maximum number of certs in a day:

too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2024-11-12 17:31:27 UTC

This seems to have been caused by the certbot --force-renewal flag, and from my search seems to not be recommended. I have removed this flag now, but please advise otherwise.

command: certonly --webroot -w /var/www/certbot --email email@example.com -d malakan.co.uk --agree-tos

Is there a certbot flag that doesn't renew the cert and uses the existing one? Looking at the logs seems to suggest there is a way to keep it:

certbot | You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
certbot | (ref: /etc/letsencrypt/renewal/malakan.co.uk.conf)
certbot |
certbot | What would you like to do?
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | 1: Keep the existing certificate for now
certbot | 2: Renew & replace the certificate (may be subject to CA rate limits)
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | An unexpected error occurred:
certbot | EOFError

Thanks!

Hi @SuperMalakan,

Supplemental

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

And to assist with debugging, a great place to start is Let's Debug.

4 Likes

What shows?:
certbot certificates

4 Likes

Thank you, will look into these.

For the certbot command do I just put certbot --test-cert?

Side note: am I able to edit the above post at all? I would like to remove the email address :smiling_face_with_tear:

1 Like

Yes, use the pencil at the bottom right on your post.

2 Likes

I don't have that button, maybe my account is too new?

2 Likes

certbot | Found the following certs:
certbot | Certificate Name: malakan.co.uk
certbot | Serial Number: 307a815767752df956bca77572837af3975
certbot | Key Type: ECDSA
certbot | Domains: malakan.co.uk
certbot | Expiry Date: 2025-02-09 08:15:02+00:00 (VALID: 89 days)
certbot | Certificate Path: /etc/letsencrypt/live/malakan.co.uk/fullchain.pem
certbot | Private Key Path: /etc/letsencrypt/live/malakan.co.uk/privkey.pem

You have a cert valid for 89 more days.
You need to skip whatever steps require you to get a cert and concentrate on the steps for using the cert you already have.

4 Likes
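The check described in the reply above, as an added example (not code from the thread or from the guide being followed): it reads `certbot certificates` output, decides whether issuance can be skipped, and builds a request that cannot stop at the interactive "keep or renew" prompt that ended in `EOFError` inside the container. The sample output, the `example.test` names, the helper names and the 30-day threshold are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: `certbot certificates` output as docker compose prints it.
SAMPLE_CERTS='certbot | Found the following certs:
certbot |   Certificate Name: example.test
certbot |     Domains: example.test www.example.test
certbot |     Expiry Date: 2025-02-09 08:15:02+00:00 (VALID: 89 days)
certbot |   Certificate Name: old.example.test
certbot |     Domains: old.example.test
certbot |     Expiry Date: 2024-11-20 10:00:00+00:00 (VALID: 9 days)'

# days_left DOMAIN: reads `certbot certificates` output on stdin and prints the
# days of validity left on the first certificate covering DOMAIN. Prints nothing
# when no certificate matches or the expiry line carries no "VALID: N" figure.
days_left() {
    awk -v want="$1" '
        /Domains:/ { hit = 0; for (i = 1; i <= NF; i++) if ($i == want) hit = 1 }
        /Expiry Date:/ && hit {
            if (match($0, /VALID: [0-9]+/)) {
                print substr($0, RSTART + 7, RLENGTH - 7)
                exit
            }
        }'
}

# plan DOMAIN [THRESHOLD]: prints "keep" when more than THRESHOLD days remain
# (assumed default: 30), otherwise "issue".
plan() {
    left=$(days_left "$1")
    if [ -n "$left" ] && [ "$left" -gt "${2:-30}" ]; then
        echo keep
    else
        echo issue
    fi
}

# issue_cmd DOMAIN EMAIL: the request to run only when plan prints "issue".
# --non-interactive never waits for input (there is no TTY in the container);
# --keep-until-expiring keeps an existing certificate that is not yet due,
# so repeated container starts do not consume the duplicate-certificate limit.
issue_cmd() {
    echo "certbot certonly --webroot -w /var/www/certbot -d $1 --email $2" \
         "--agree-tos --non-interactive --keep-until-expiring"
}

for d in example.test old.example.test; do
    printf '%s: %s\n' "$d" "$(printf '%s\n' "$SAMPLE_CERTS" | plan "$d")"
done
```
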

I've removed the certbot container from my docker file, which seems to have stopped that issue.

Now, my issue is something to do with redirects:

BadRedirect
Error
Sending an ACME HTTP validation request to malakan.co.uk results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
Too many (10) redirects, last redirect was to: https://malakan.co.uk/.well-known/acme-challenge/letsdebug-test
Trace:
@0ms: Making a request to http://malakan.co.uk/.well-known/acme-challenge/letsdebug-test (using initial IP 2606:4700:3031::ac43:9b26)
@0ms: Dialing 2606:4700:3031::ac43:9b26
@144ms: Server response: HTTP 301 Moved Permanently
@144ms: Received redirect to https://malakan.co.uk/.well-known/acme-challenge/letsdebug-test
@144ms: Dialing 2606:4700:3031::ac43:9b26
@318ms: Server response: HTTP 301 Moved Permanently
@318ms: Received redirect to https://malakan.co.uk/.well-known/acme-challenge/letsdebug-test
@318ms: Dialing 2606:4700:3031::ac43:9b26
@506ms: Server response: HTTP 301 Moved Permanently
...
...

Where should I be looking to resolve this?

Start at Cloudflare:

Name:      malakan.co.uk
Addresses: 2606:4700:3032::6815:68f
           2606:4700:3031::ac43:9b26
           172.67.155.38
           104.21.6.143

4 Likes

On Cloudflare I have set up 1 DNS record for malakan.co.uk.

This is a localhost server too, which may be playing a role in my issues with HTTPS, so I'm going to put it down just in case, for full disclosure: I have port-forwarding enabled on my router for 80:80 and 443:443 to my server/laptop.

OK, so I had missed a message at the bottom of the Let's Debug page about enabling Full SSL (strict) on Cloudflare. I have enabled this setting, but now Let's Debug only shows that one error.
