Lost my private key file

i DELETED my private key file…

how can i get it back…

and i used the command 'certbot certonly --manual -d "*.aimeici.com" --force-renewal' and got an error like this: "An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.aimeici.com: see https://letsencrypt.org/docs/rate-limits/"…

2 Likes

You deleted all five private keys?

First of all, you need to solemnly swear to this forum to never ever use --force-renewal again. Then we'll see if we want to help you get around the rate limits.

2 Likes

yeah…
because when i use the command as i mentioned above, it always shows me a successfully updated message, but the expiration time never changes in the message… so i thought it had not updated successfully…

then i deleted the newly created key files, and tried many times with the command…

sorry for the --force-renewal param… but i am a little confused about why i can not use it… i googled it and it worked well every time before…

2 Likes

Because it always renews, whether you need it or not. In this case, you did not, and the expiration date didn't change (because it's longer than 30 days in the future).

Keep your certs for 60 days and let certbot renew them automatically.

2 Likes

ok i get that...next time i will not use the param

but it's not... because my cert's last expiration date was today... so i tried to update it two days ago and the message did not show the correct expiration date cause i thought it was not successfully updated, and i deleted all the key files :worried:

2 Likes

now I get what the problem is. you used certonly, which does not install your certificate, and you still saw the old certificate when connecting to your website. you need to install the certificate after obtaining it, using a --deploy-hook or manually. go find certbot’s manpage and read it carefully.

2 Likes

ok…
but is there any way to solve the current problem that i've deleted my private key file?
i can not open my website through https… that makes me flustered now :cry:

2 Likes

you can circumvent the rate limits, by searching the forum for the procedure. it comes up once… or twice per day.

2 Likes

You’re fired up today @9peppe. :laughing:

@yq122
I’m feeling generous today. After dealing with a monster issue for hours with little headway, I’m going to give you some clues. Follow @9peppe’s advice and don’t make me regret my actions. @9peppe might grill me :scream:

  1. You can see any certificates you’ve successfully generated at https://crt.sh/?q=aimeici.com. Considering that Let’s Encrypt always generates pairs of associated certs, from your 10 entries dated August 14 you can see that you have 5 successful renewals. So, anytime you successfully generate a cert, it can be seen (and downloaded) there. Just don’t lose your private key.
  2. You can get another certificate (don’t murder me @9peppe) by adding your main domain name aimeici.com to your new request. So:

certbot certonly --manual -d 'aimeici.com,*.aimeici.com'

As @9peppe pointed out, if you want certbot to also install the certificate, just remove certonly from the command.

5 Likes
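An added example (not part of the thread and not certbot's or Let's Encrypt's code) of the pre-flight check implied above: count issuances per exact set of names from certificate-transparency entries before requesting again. It assumes a duplicate-certificate limit of 5 per 7 days and a simplified entry format; the entries, serials and dates are constructed.

```python
from datetime import datetime, timedelta

# Assumption: duplicate-certificate limit of 5 issuances per 7 days
# for the exact same set of names.
DUPLICATE_LIMIT = 5
WINDOW = timedelta(days=7)


def name_set(names):
    """Normalise DNS names into the 'exact set' the limit is keyed on."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)


def issuances(ct_entries):
    """Collapse CT entries into issuances: the precertificate and the
    final certificate share one serial, so each pair counts once."""
    by_serial = {}
    for entry in ct_entries:
        by_serial.setdefault(
            entry["serial"], (name_set(entry["names"]), entry["not_before"])
        )
    return list(by_serial.values())


def duplicates_in_window(ct_entries, requested, now):
    """Number of issuances for exactly the requested names in the window."""
    wanted = name_set(requested)
    return sum(
        1
        for names, issued in issuances(ct_entries)
        if names == wanted and now - WINDOW < issued <= now
    )


def would_be_limited(ct_entries, requested, now):
    """True if one more order for these names would hit the limit."""
    return duplicates_in_window(ct_entries, requested, now) >= DUPLICATE_LIMIT


def sample_entries():
    """Constructed data: 5 issuances on one day, each logged twice."""
    day = datetime(2020, 8, 14)  # constructed date
    entries = []
    for i in range(5):
        for kind in ("precertificate", "certificate"):
            entries.append({"serial": f"{i + 1:02x}", "kind": kind,
                            "names": ["*.example.com"],
                            "not_before": day + timedelta(hours=i)})
    return entries
```

Ten log entries collapse to five issuances for `*.example.com`, so a sixth identical order is refused, while an order for `example.com` plus `*.example.com` is a different set and is counted separately.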

You definitely want to have aimeici.com on your certificate anyhow. Currently you have some major problems without it.

2 Likes

THANKS A LOT…

it's all done, my application can open through https now… that’s very kind of you two @freessltools.com @9peppe

and i solemnly swear to this forum to never ever use --force-renewal again.

again big thanks…you two have a nice day

3 Likes
