Let's Encrypt issued already expired certificate

  1. myrootuser@mylinode:/opt/letsencrypt$ date
    Sun Feb 11 12:20:58 +03 2018

  2. myrootuser@mylinode:/opt/letsencrypt$ sudo -H ./letsencrypt-auto certonly --webroot --renew-by-default -w /home/myrootuser/sites/crystalidea.com/_site -d crystalidea.com -d www.crystalidea.com -w /home/myrootuser/sites/dev.crystalidea.com/crystalidea.com/_site -d dev.crystalidea.com -w /home/myrootuser/sites/forums.crystalidea.com -d forums.crystalidea.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for crystalidea.com
    http-01 challenge for www.crystalidea.com
    http-01 challenge for dev.crystalidea.com
    http-01 challenge for forums.crystalidea.com
    Using the webroot path /home/myrootuser/sites/forums.crystalidea.com for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/crystalidea.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/crystalidea.com/privkey.pem
    Your cert will expire on 2018-02-10. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again. To non-interactively renew all of your
    certificates, run “letsencrypt-auto renew”

After several attempts I now get a rate limit error; all the domains are offline.

An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: crystalidea.com,dev.crystalidea.com,forums.crystalidea.com,www.crystalidea.com: see https://letsencrypt.org/docs/rate-limits/

Your certificates will expire on May 12 08:17:02 2018 GMT

See: https://crt.sh/?id=327595146 and https://crt.sh/?q=%crystalidea.com

The problem was invalid symbolic links; somehow I had two directories:
/etc/letsencrypt/archive/crystalidea.com
/etc/letsencrypt/archive/crystalidea.com-0001

Had to change the .pem symlinks inside "/etc/letsencrypt/live/crystalidea.com"
to point to the most recent .pem files inside "/etc/letsencrypt/archive/crystalidea.com"

Thank you.

3 Likes
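A read-only check for the situation described in the post above, as an added example that is not part of the original thread: it flags `live/` symlinks that do not point at the highest-numbered file in `archive/` and notes sibling lineages such as `-0001`. The function names are hypothetical, and the script assumes Certbot's standard `live/` and `archive/` layout with numbered `.pem` files.

```shell
#!/bin/sh
# Added example: audit one Certbot lineage for stale or dangling live/ symlinks.
# Assumes the layout live/<name>/<item>.pem -> ../../archive/<name>/<item>N.pem

# newest_in_archive DIR ITEM: print the highest-numbered ITEM<N>.pem basename
newest_in_archive() {
    best=0
    for f in "$1/$2"[0-9]*.pem; do
        [ -e "$f" ] || continue
        b=${f##*/}; n=${b#"$2"}; n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ "$n" -gt "$best" ]; then best=$n; fi
    done
    if [ "$best" -gt 0 ]; then echo "$2$best.pem"; fi
}

# check_lineage CONFIG_DIR NAME: return 0 only if every live/ link targets the newest file
check_lineage() {
    live="$1/live/$2"; archive="$1/archive/$2"; rc=0
    for item in cert chain fullchain privkey; do
        link="$live/$item.pem"
        newest=$(newest_in_archive "$archive" "$item")
        if [ ! -L "$link" ]; then
            echo "MISSING  $link is not a symlink"; rc=1
        elif [ ! -e "$link" ]; then
            echo "DANGLING $link -> $(readlink "$link")"; rc=1
        elif [ "$(basename "$(readlink "$link")")" != "$newest" ]; then
            echo "STALE    $link -> $(readlink "$link") (newest: $newest)"; rc=1
        fi
    done
    # A sibling such as NAME-0001 means renewals may be saved to another lineage.
    for d in "$1/archive/$2"-[0-9][0-9][0-9][0-9]; do
        if [ -d "$d" ]; then echo "NOTE     sibling lineage: $d"; fi
    done
    return $rc
}

# Run only when called with arguments, e.g.: sh script.sh /etc/letsencrypt crystalidea.com
if [ "$#" -eq 2 ]; then check_lineage "$1" "$2"; fi
```

A non-zero exit status means the web server is reading something other than the most recently issued files for that lineage.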

It’s probably because you got newer certificates that no longer covered old.crystalidea.com and you didn’t use --cert-name to tell Certbot to save the new certificates in the same place as the old certificates.
