Multiple numbered dirs in /etc/letsencrypt/live


#1

Cannot renew certs and now rate limited, don’t understand the instructions for escaping that. :frowning:

Other questions I have are - Why are there multiple entries in /etc/letsencrypt/live for data-web-0001 thru data-web-005? Why is it attempting to renew each of those? Is this the reason I’ve hit a rate limit? My renewal cron only runs once every 12 hours. How did I end up in this situation?

Why all the references in the log to type: dns? I thought I was using http verification?

As you can see, my head is spinning! :smile:
I’m not all that concerned with waiting a week to be un-rate-limited. I AM concerned that I be able to fix what is wrong that led to this situation.

Thanks in advance if anyone can help!

My domain is: data-web.net

Cron ran this command as root:
test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(43200))’ && certbot -q renew

It produced this output:

Log output from one run exceeds 50,000 characters so the forum will not allow me to post it. I will see if I can upload a text file?letsencrypt.txt (12.0 KB)

My web server is (include version): Apache 2.4.34 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu Server 16.04.4

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Certificate name numbering can happen when you’ve issued multiple certificates that share the same first name (data-web.net) but overall have a different set of names.

Usually Certbot will ask you if you want to expand an existing certificate (or you can pass --cert-name to ensure it replaces the existing certificate), but it depends how you invoked Certbot each of those times.

To see all the different variants you’ve issued:

sudo certbot certificates

To delete the ones you don’t need anymore (for example):

sudo certbot delete --cert-name data-web.net-002

#3

Thank you very much! Using those commands I was able to see that I had duplicated data-web.net in another cert. I got rid of the unneeded certs and all is well. Again, thank you_az!!!


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.