My host domain always include "-1000" string end of my domain


#1

I try to renewal my domain.

./letsencrypt-auto certonly --renew-by-default --rsa-key-size 4096 --email example@example.com -d $DOMAIN --debug

It is seems to be success.
But /etc/letsencrypt/archive,live has unexpected folder "www.mydomain.com-1000"
Also the certification isn’t renewal to my domain.

expect) www.mydomain.com
actual) www.mydomain.com-1000

And I have any chance to try renewal with different options, coz “There were too many requests of a given type”.

Has somebody the same issue? And plz, let me know when it’s gone rateLimited error?


#2

Could you also show us the log from your run of the client?


#3

Can you share the output of
echo \"${DOMAIN}\"


#4

Sorry… I can’t reproduce because of “Too many request” issue.
But, I’m sure. It looks success;


#5

www.martmoa.com

Is it what you want???


#6

Hello @SSaMKJ,

Take a look to this picture:

1.- 21st Dec you created a certificate for www.martmoa.com

2.- 21st Dec you created a new certificate for www.martmoa.com AND martmoa.com, so letsencrypt expanded your current cert created only for www.martmoa.com

3.- 3rd March you created a certificate only for www.martmoa.com, so letsencrypt found that the dir /etc/letsencrypt/live/www.martmoa.com/ was taken and as you shrink the original certificate (contains only www.martmoa.com and not martmoa.com) and the current certificate contained 2 domains, letsencrypt decided to not touch the current one, so it created a new dir /etc/letsencrypt/live/www.martmoa.com-1000/ to locate the new cert.

So, if you add more domains (expand) to the certificate it will preserve the current dir, if you remove domains (shrink) to the certificate a new dir will be created.

I know there is/was some open issue to catch this situation but I can’t find it right now.

Cheers,
sahsanu


#7

If that was the exact output from the command, yes. Just making sure there wasn’t anything else appended to the $DOMAIN var.


#8

Thank you very much. You saved me!! and world!!


#9

@SSaMKJ, you are welcome… I didn’t know you were the Cheerleader :astonished: :smiley:


#10

@sahsanu
I tried all removed every files in /etc/letsencrypt/accounts, archive, css, keys, live, renewal
and do blew
./letsencrypt-auto certonly --rsa-key-size 4096 --email dev@martmoa.com -d www.martmoa.com --debug
but failed.

Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py”, line 1993, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py”, line 707, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/cli.py”, line 475, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/client.py”, line 269, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/letsencrypt/client.py”, line 229, in obtain_certificate_from_csr
authzr)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 319, in request_issuance
headers={‘Accept’: content_type})
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 652, in post
return self._check_response(response, content_type=content_type)
File “/root/.local/share/letsencrypt/lib/python2.6/site-packages/acme/client.py”, line 568, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: martmoa.com

please help me. I have only 10 days .


#11

Hello @SSaMKJ,

On 3rd March you issued 5 certs so try again later, today 10th March you should be able to issue 5 more certs for your domain.

Good luck,
sahsanu


#12

@sahsanu
Thank you for your answer, but I don’t understand. Please tell me more specific.

let me know the specific day.


#13

@SSaMKJ,

Let’s Encrypt has a rate limit (5 certs per 7 days), you have issued 5 certs in last 7 days, indeed you issued all of them on 3rd March:

DOMAIN (CN)       VALID FROM             VALID TO
www.martmoa.com   2016-Mar-03 03:55 UTC  2016-Jun-01 03:55 UTC
dev.martmoa.com   2016-Mar-03 03:50 UTC  2016-Jun-01 03:50 UTC
www.martmoa.com   2016-Mar-03 03:52 UTC  2016-Jun-01 03:52 UTC
www.martmoa.com   2016-Mar-03 03:46 UTC  2016-Jun-01 03:46 UTC
dev.martmoa.com   2016-Mar-03 03:39 UTC  2016-Jun-01 03:39 UTC

So you need to wait 7 days from the first certificate issued that in your case was this:

dev.martmoa.com 2016-Mar-03 03:39 UTC 2016-Jun-01 03:39 UTC

If you add 7 days + 1 minute to this certificate 2016-Mar-03 03:39 UTC + 7 days + 1 minute you get 2016-Mar-10 03:40 UTC which means that right now 2016-Mar-10 06:14 UTC you should be able to issue 5 more certs. That is the theory, if you tried to issue your certificate after 2016-Mar-10 03:40 UTC and you couldn’t then you need to wait just a few hours to be able to issue more certs or try again tomorrow just to be sure.

Cheers,
sahsanu


#14

@sahsanu
Dear my super hero.
It’s working. Thank you very much.
You saved universe.:heart_eyes: