Lockout from failed attempts

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: armsso.ornl.gov & sso.arm.gov

I ran this command: acme.sh --issue -d armsso.ornl.gov -d sso.arm.gov -w --log

It produced this output: too many failed authorizations recently

My web server is (include version): Apache/2.4.6

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme.sh v2.8.2

Does the timeout reset after every failed attempt? We were waiting for DNS to propagate and hit that 5th one. I’m not sure how long ago we hit that 5th one and I don’t want to keep running it if it keeps pushing the hour back.

Hi @corygstuart

That's the limit: 5 failed per hour. So one hour later, you can try it again.

But there is a new certificate ( https://check-your-website.server-daten.de/?q=armsso.ornl.gov#ct-logs ):

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-07-01 | 2019-09-29 | armsso.ornl.gov - 1 entries | duplicate nr. 1 | |

And you use it:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://armsso.ornl.gov/ 128.219.248.24 | 302 | http://armsso.ornl.gov/login | 0.250 | D |
| http://armsso.ornl.gov/login | 200 | | 0.510 | H |
| https://armsso.ornl.gov/ 128.219.248.24 | 302 | https://armsso.ornl.gov/login | 1.436 | B |
| https://armsso.ornl.gov/login | 200 | | 1.170 | B |

CN=armsso.ornl.gov | 01.07.2019 | 29.09.2019 | expires in 89 days | armsso.ornl.gov - 1 entry

Didn't check your other domain, but this domain works.

PS: You don't have a redirect http -> https. So if you use the http version, it's insecure.

Thanks! Yes, the problem is we need that certificate to also include sso.arm.gov. Thanks for pointing out the lack of a redirect. That’s been addressed. We’re getting invalid responses now when trying to renew with the --test flag.

That domain is blocked ( https://check-your-website.server-daten.de/?q=sso.arm.gov ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://sso.arm.gov/ 128.219.248.24 | -2 | | 1.357 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 128.219.248.24:80 | | | | |
| https://sso.arm.gov/ 128.219.248.24 | -2 | | 1.357 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 128.219.248.24:443 | | | | |
| http://sso.arm.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 128.219.248.24 | -2 | | 1.364 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 128.219.248.24:80 | | | | |

Looks like a firewall.

There (Lockout from failed attempts - #3 by JuergenAuer) I didn't copy the /.well-known/acme-challenge check, because there was the expected answer, http status 404 - Not Found.

But the second domain is blocked, so Let's Encrypt can't check the domain name.

Perhaps it's easier to create two different certificates, one per domain name.
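
An added example, not part of any post in this thread and not acme.sh's own code: a pre-flight check that writes a probe file into the webroot and fetches it over port 80 for every name on the certificate, so a refused connection like the one on sso.arm.gov shows up before an issuance attempt counts against the failed-authorization limit. The webroot argument, the probe file name and the `fetch`/`preflight` function names are assumptions.

```shell
#!/bin/sh
# Added example: HTTP-01 pre-flight for every name that will be on the certificate.
# Usage (webroot path is a placeholder): preflight.sh /path/to/webroot name1 name2

# fetch URL: print the response body; non-zero exit on connect failure or HTTP error.
# Kept as its own function so the transport can be replaced.
fetch() {
    curl --silent --fail --max-time 10 "$1"
}

# preflight WEBROOT DOMAIN...: return value is the number of names that failed
# (0 means every name served the probe); 2 if the probe file cannot be written.
preflight() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"                      # constructed probe file name
    token="probe-$$-$(date +%s)"             # constructed, unique per run
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    failed=0
    for d in "$@"; do
        # Same path the CA's HTTP-01 validator would request, plain HTTP on port 80.
        body=$(fetch "http://$d/.well-known/acme-challenge/$name")
        if [ "$body" = "$token" ]; then
            echo "ok    $d"
        else
            echo "FAIL  $d (connection refused, wrong vhost, or wrong content)"
            failed=$((failed + 1))
        fi
    done
    rm -f "$dir/$name"                       # never leave the probe behind
    return "$failed"
}

# Run only when called with a webroot and at least one name.
if [ "$#" -ge 2 ]; then
    preflight "$@"
    exit $?
fi
```

Because it runs on the web server itself, it catches closed listeners and wrong vhosts but can still pass while an upstream firewall blocks outside traffic, so fetch the same URL from an external host as well. Only request the certificate once every name reports `ok`.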
