Let's Encrypt issued already expired cetificate

crystaldea · February 11, 2018, 9:39am

myrootuser@mylinode:/opt/letsencrypt$ date
Sun Feb 11 12:20:58 +03 2018
myrootuser@mylinode:/opt/letsencrypt$ sudo -H ./letsencrypt-auto certonly --webroot --renew-by-default -w /home/myrootuser/sites/crystalidea.com/_site -d crystalidea.com -d www.crystalidea.com -w /home/myrootuser/sites/dev.crystalidea.com/crystalidea.com/_site -d dev.crystalidea.com -w /home/myrootuser/sites/forums.crystalidea.com -d forums.crystalidea.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for crystalidea.com
http-01 challenge for www.crystalidea.com
http-01 challenge for dev.crystalidea.com
http-01 challenge for forums.crystalidea.com
Using the webroot path /home/myrootuser/sites/forums.crystalidea.com for all unmatched domains.
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/crystalidea.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/crystalidea.com/privkey.pem
Your cert will expire on 2018-02-10. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew all of your
certificates, run “letsencrypt-auto renew”

After several attempts I get now rate limit error, all the domains are offline.

An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: crystalidea.com,dev.crystalidea.com,forums.crystalidea.com,www.crystalidea.com: see https://letsencrypt.org/docs/rate-limits/

Osiris · February 11, 2018, 10:00am

Your certificates will expire on May 12 08:17:02 2018 GMT

See: https://crt.sh/?id=327595146 and https://crt.sh/?q=%crystalidea.com

crystaldea · February 11, 2018, 12:42pm

The problem was in invalid symbolic links, somehow I had two directories:
/etc/letsencrypt/archive/crystalidea.com
/etc/letsencrypt/archive/crystalidea.com-0001

Had to change symlinks .pem files inside "/etc/letsencrypt/live/crystalidea.com"
to point to the most recent .pem files inside “/etc/letsencrypt/archive/crystalidea.com”

Thank you.

schoen · February 12, 2018, 9:17pm

It’s probably because you got newer certificates that no longer covered old.crystalidea.com and you didn’t use --cert-name to tell Certbot to save the new certificates in the same place as the old certificates.

system · March 14, 2018, 9:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.