Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My web server is (include version):
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.3.15
The operating system my web server runs on is (include version):
CentOS 7.1 64-bit
My hosting provider, if applicable, is:
domainesia
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.0.0
Hello,
First of all, I generated an SSL certificate for the domain cargo-hemat.com on my previous VPS, and it succeeded.
Then I moved this domain to another VPS and tried to generate an SSL certificate for it together with another domain (dev1.cargo-hemat.com). The domain dev1.cargo-hemat.com succeeded, but the domain cargo-hemat.com is invalid.
Here is a screenshot of these 2 domains. Why is the issuer of these 2 domains different?
I just revoked with this command:
[root@cargo-hemat ~]# certbot revoke --cert-path /etc/letsencrypt/live/cargo-hemat.com-0001/cert.pem --reason superseded
and the output of certbot certificates became:
[root@cargo-hemat ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: dev1.cargo-hemat.com
Domains: dev1.cargo-hemat.com
Expiry Date: 2020-05-27 05:55:24+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/dev1.cargo-hemat.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dev1.cargo-hemat.com/privkey.pem
After that I tried to generate a new certificate… with the command below
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: cargo-hemat.com: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
Does it mean that I can issue a new certificate next week?
@dillahdoang, somewhere on your filesystem (in /etc/letsencrypt I dare say), unless you have deleted it, there is a valid certificate for the domains you need, issued yesterday: https://crt.sh/?q=cargo-hemat.com
The certs shown are unique and unrelated to each other - neither supersedes the other.
Deleting either would have been "wrong" enough.
You add insult to that injury by also revoking a perfectly good cert.
[root@cargo-hemat ~]# certbot --duplicate --reinstall --apache -d cargo-hemat.com -d www.cargo-hemat.com -d dev1.cargo-hemat.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Created an SSL vhost at /etc/httpd/sites-available/cargo-hemat.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/cargo-hemat.com-le-ssl.conf
Enabling site /etc/httpd/sites-available/cargo-hemat.com-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/sites-available/cargo-hemat.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/dev1.cargo-hemat.com-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.
Enhancement redirect was already set.
Enhancement redirect was already set.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cargo-hemat.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cargo-hemat.com/privkey.pem
Your cert will expire on 2020-05-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
Some rewrite rules copied from
/etc/httpd/sites-enabled/cargo-hemat.com.conf were disabled in the
vhost for your HTTPS site located at
/etc/httpd/sites-available/cargo-hemat.com-le-ssl.conf because they
have the potential to create redirection loops.
If you like Certbot, please consider supporting our work by:
On the subdomain dev1.cargo-hemat.com, HTTPS works fine, and when I check the certificate information in the browser, this certificate is issued to cargo-hemat.com. It is different from the previous one.
I tried to compare the certificate information in the browser.
This is for the URL https://cargo-hemat.com
CMIIW, I think the domain cargo-hemat still has not got the new certificate, based on the date of "valid from.."
And I would like to ask: I have another subdomain on another server. Is that going to be a problem, since this certificate is issued to the main domain cargo-hemat.com?
You need to check your VirtualHost blocks for cargo-hemat.com. It’s pulling a self-signed Certificate from your server (which usually means it’s routing to the default 443 vhost instead of the 443 vhost you have set up for cargo-hemat.com).
It also means it isn’t pulling the proper certificate, it would work just fine had it pulled both.
@dillahdoang, you need to check all the ServerName directives anywhere in /etc/httpd/sites-enabled. There should be one per file (or more). Maybe some are in /etc/httpd/httpd.conf
Certbot says the cert is installed, so it’s Apache we’re debugging now.
Reading on this, if you don't have any other website hosted on that machine you can remove all other files from the sites-enabled directory. (You should probably use the a2dissite helper command.)
I am using CentOS 7, and based on my searching on Google, there is no "a2dissite" command in CentOS. CMIIW.
When I look at the contents of the folder /sites-enabled/, it contains symbolic links from the folder /sites-available/.
So, do I have to make symbolic links for the 2 ssl.conf files that exist in sites-available?
But the thing that confuses me is that without ssl.conf in sites-enabled, the domain dev1.cargo-hemat.com still runs OK.
You do not need to create a symbolic link for the le-ssl.conf file. It is already linked as an include in the httpd.conf file. However if your server name reflects cargo-hemat.com it may be automatically routing to your default VirtualHost in /etc/httpd/conf.d/ssl.conf instead of the one that certbot made.
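The ServerName check suggested in the replies above can be scripted. The following is an added example, not part of the original thread or of Certbot: it lists each port-443 VirtualHost with its names and SSLCertificateFile, and reports which certificate a hostname would be served. The function names and the sample config contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Lists each *:443 <VirtualHost> with its
# names and SSLCertificateFile, then shows which certificate a hostname gets.
# Simplifications: files are read in the order given; wildcard aliases and
# IP-specific vhosts are not evaluated.

# vhosts443 FILE... -> "file|name1,name2|certfile" per port-443 vhost
vhosts443() {
  awk '
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^#/ { next }
    low ~ /^<virtualhost[ \t].*:443/ { invh = 1; names = ""; cert = "(none)"; next }
    invh && low ~ /^server(name|alias)[ \t]/ {
      for (i = 2; i <= NF; i++) names = names (names == "" ? "" : ",") $i
      next
    }
    invh && low ~ /^sslcertificatefile[ \t]/ { cert = $2; next }
    invh && low ~ /^<\/virtualhost>/ { print FILENAME "|" names "|" cert; invh = 0 }
  ' "$@"
}

# cert_for_host HOST FILE... -> certificate path Apache would present for HOST.
# With no ServerName/ServerAlias match, the first 443 vhost loaded is the default.
cert_for_host() {
  host=$1; shift
  vhosts443 "$@" | awk -F'|' -v h="$host" '
    NR == 1 { fallback = $3 " [default vhost]" }
    { n = split(tolower($2), a, ",")
      for (i = 1; i <= n; i++) if (a[i] == tolower(h)) { print $3; found = 1; exit } }
    END { if (!found) print fallback }'
}

# Constructed sample configs (hypothetical contents, for illustration only).
make_sample() {
  d=$1
  printf '%s\n' '<VirtualHost _default_:443>' \
    '  SSLCertificateFile /etc/pki/tls/certs/localhost.crt' '</VirtualHost>' > "$d/ssl.conf"
  printf '%s\n' '<VirtualHost *:443>' '  ServerName dev1.cargo-hemat.com' \
    '  SSLCertificateFile /etc/letsencrypt/live/cargo-hemat.com/fullchain.pem' \
    '</VirtualHost>' > "$d/dev1.cargo-hemat.com-le-ssl.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for name in dev1.cargo-hemat.com cargo-hemat.com; do
  printf '%s -> %s\n' "$name" \
    "$(cert_for_host "$name" "$demo_dir/ssl.conf" "$demo_dir/dev1.cargo-hemat.com-le-ssl.conf")"
done
rm -rf "$demo_dir"
```

On a live server, `httpd -S` prints the vhost map Apache actually parsed, which is the authoritative view to compare against.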