somewhere above someone wrote about week limits, LOL
Show the output of:
root@blog:/etc# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificates found.
well, indeed, as I said above - the server was completely reinstalled
No, but you can find "week" there. But you don't need to, because I posted the relevant language up-topic. And despite your repeated insistence that these aren't renewals, the limit for duplicate certificates applies anyway.
The main limit is Certificates per Registered Domain (50 per week).
This limit not reached.
Have you read "duplicate" ?
That limit will never be reached when reissuing the exact same set of names.
...and there are several others. For heaven's sake, I posted a screen shot of the relevant language, in case the error message wasn't clear enough (and I honestly don't see how it could possibly be more clear). Are you being deliberately obtuse?
Your "logic" seems to follow the I must break all rules to be wrong.
Where it is, when any rule is broken, you are wrong.
Due to a certbot error, I lost the ability to register the certificate. What is incomprehensible in this? Why couldn't certbot recognize nginx configs correctly? I do not know. But it became my problem.
No, you didn't. You successfully created five identical certificates in the span of twelve minutes. Whatever the problem was, it wasn't inability to create a cert ("register the certificate" is meaningless). And the rate limit that's been pointed out to you several times in this topic prevents you from issuing more than five duplicate certs in a span of one week--exactly as the error message you received said. So, yes, you're now unable to issue any more certificates for that set of domains until one week from the time of the first cert.
My logic is simple: production code must work correctly. In all cases.
If the error was caused by the fault of the software - the software should not impose restrictions on the user
Why software (certbot) error become my problem?
Welcome to the Let's Encrypt Community
The original problem was a certificate installation problem as certificate acquisition clearly succeeded. I agree completely that certbot should not keep acquiring certificates (which is why I always recommend adding
--keep to most all certbot commands). I believe that you should have been prompted by certbot to avoid acquiring unnecessary new certificates. It is completely possible to install staging/fake certificates to debug/fix the installation problem in the meantime (which I highly recommend doing). That way the production/real certificates will be installed into a functional environment once the duplicate certificate rate limit has lifted.
Be willing to replace or renew valid certificates with invalid (testing/staging) certificates (default: False)
Why should it not be? Why should the CA assume the risk of errors with every third-party client (and every client is a third-party client)?
Toxicity is the norm?
At some point I understood (approximately on the 4th iteration), which I can exceed the established constraints and with further execution of commands (there were about 10), they chose 'reinstall' instead of 'register'.
But no, the problem has repeated once at a time with an existing certificate. Neither reinstalling nginx, nor restarting the server nor reinstalling software (certbot package).
I hoped that this error would not occur after reinstalling the server, but check it ... I can't.
certbot-nginx from debian stable is third-party client? LOL.
Yes, certbot is developed by the EFF.
And if you installed it from apt, you got a really old version. Check the install instructions here https://certbot.eff.org
Yes, it is, your mockery aside. Let's Encrypt did (and do) not develop certbot, thus it is a third-party client, just like acme.sh, or certifytheweb, or any of the dozens of other clients.
That sounds like a bug. Reinstall should not be acquiring new certificates.
I think you mean that you finally started using "reinstall", which makes sense. It was the correct thing to do, but it won't fix the installation issue by itself.
wait a bit... install certbot with SNAP???
Sorry, why not docker? (sarcasm)
The use of pseudualization systems to install system utilities is the way to the abyss