Please help with certificate renewal

My domain is:
www.impute.me

I ran this command:
sudo certbot --apache

It produced this output:
"Some challenges have failed."
Although now it says "There were too many requests of a given type".

My web server is (include version):
Apache 2

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no, ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
It was an old version that worked for several years, but I just now upgraded using these instructions, so now it is 1.20.0. I suspect the reason is that I may have changed the _acme-challenge TXT file in AWS Route 53. But now I don't know where to look for what I am supposed to write in that text file. Once the rate limit expires I want to retry without having any TXT file; hopefully it'll tell me what to write. But please write here if you have a better suggestion. I'm a bit anxious not to have too much downtime, obviously.


Welcome to the community!

I see you issued a wildcard cert today so do you still need help?

Note that the most recent cert is only for the name *.impute.me, so it works for domain names like www.impute.me but will not work for impute.me by itself. You may want to add that name to the wildcard cert.

If you still need help let us know what DNS provider you use - is it Route53?

You can learn about rate limits below. Your error was for 5 failed attempts in an hour. You can use --dry-run or --test-cert to use the test system and avoid limits. Then remove that to create a live cert.

Lastly, if you do not need a wildcard cert you could use the HTTP challenge itself. Your past certs were just for your apex and www domain names.


Yes, thanks, I still need help. I just wrote a long post, but that seems to have been caught in a spam filter, so I'll do it again with fewer code examples. Maybe that's what triggered the spam filter.

Anyway, yes, I am using Route 53 and that DNS-01 setup, and have since 2017. Last week or so I had trouble renewing and made some changes I shouldn't have made, I think. So now I don't have access to that TXT string. I'm guessing I have to revoke what I have and start over, but any tips would be helpful.

sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/impute.me-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for impute.me and www.impute.me

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: impute.me
  Type:   unauthorized
  Detail: Invalid response from https://impute.me/.well-known/acme-challenge/j-ipR_aAtAraLF8RRA2KsIQO53FH_sWl6w5At2Lzdhw [54.187.201.139]: "<html>\n<head>\n  <title>Forbidden</title>\n  <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic"

  Domain: www.impute.me
  Type:   unauthorized
  Detail: Invalid response from https://www.impute.me/.well-known/acme-challenge/Z6BFlmz8SylGh3PQpmMcvHBpV3hROWAnMJFpyvr0BdM [54.187.201.139]: "<html>\n<head>\n  <title>Forbidden</title>\n  <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,400italic"

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate impute.me-0001 with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/impute.me-0001/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

@lassefolkersen I need to be away for a bit but maybe this will be enough for you to figure it out.

The HTTP challenge is being used in this sample (not DNS), which I think is best for this. The Let's Encrypt server is making a request to your server but getting a faulty response. I tested a similar response and got a 403 error, the same as you see. In my case I should get a 404 (not found), since the file is not there. But in your case it should have been a 200 (found).

Check your server definitions and make sure this request returns a 404. Then try to renew again with --dry-run:

curl -Lki http://impute.me/.well-known/acme-challenge/Test-Forum-123

Don't worry about seeing the 301 redirect; that is fine. It is the 403 Forbidden after that we are concerned with.

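The post above describes what the CA does at the challenge URL: fetch it, expect a 200, and compare the body with what it computed for that token. The block below is an added example written for this page, not code from the thread, from Certbot or from Let's Encrypt. It emulates that CA-side http-01 check as specified in RFC 8555 (key authorization = token "." thumbprint of the account key, thumbprint per RFC 7638) and runs it against three fake web servers: one answering 403 like the output above, one answering 404, and one serving the right file. The account key is constructed filler (not a real key), the token is the one from the dry-run output, and the function names (`validate_http01`, `jwk_thumbprint`, `make_webroot_fetch`) are chosen here; everything runs offline.

```python
"""Emulate the CA-side validation of an ACME http-01 challenge (RFC 8555 sections 8.1 and 8.3).

Added example, not Certbot or Let's Encrypt code. The account key, token and
HTTP responses below are constructed for illustration.
"""
import base64
import hashlib
import json
from dataclasses import dataclass


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME/JWS require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Members that enter the JWK thumbprint, per key type (RFC 7638 section 3.2).
# Optional members such as "kid" or "use" are deliberately excluded.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of a public JWK, base64url-encoded (43 characters)."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    # Canonical form: only the required members, lexicographic order, no whitespace.
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """The exact body the CA expects at the challenge URL: token '.' thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_url(domain: str, token: str) -> str:
    # http-01 is always requested on port 80; the CA follows redirects (e.g. to https).
    return f"http://{domain}/.well-known/acme-challenge/{token}"


@dataclass
class HttpResponse:
    status: int
    body: str


def validate_http01(domain: str, token: str, account_jwk: dict, fetch):
    """Return (ok, reason). `fetch(url)` returns the final HttpResponse after redirects."""
    expected = key_authorization(token, account_jwk)
    resp = fetch(challenge_url(domain, token))
    if resp.status != 200:
        # This is the branch a 403 Forbidden from Apache lands in.
        return False, f"unauthorized: expected HTTP 200, got {resp.status}"
    if resp.body.strip() != expected:
        # A 200 is not enough: the content must be the key authorization.
        return False, "unauthorized: body does not match key authorization"
    return True, "valid"


# Constructed inputs (filler coordinates, not a real P-256 point).
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(1, 33))),
    "y": b64url(bytes(range(33, 65))),
    "kid": "account-key-1",  # ignored by the thumbprint
}
DOMAIN = "impute.me"
TOKEN = "j-ipR_aAtAraLF8RRA2KsIQO53FH_sWl6w5At2Lzdhw"  # token from the dry-run output
FORBIDDEN_HTML = "<html>\n<head>\n  <title>Forbidden</title>\n</head>\n</html>"  # shape of the 403 page


def forbidden_fetch(url: str) -> HttpResponse:
    """Fake server that blocks /.well-known like the misconfigured Apache in the thread."""
    return HttpResponse(403, FORBIDDEN_HTML)


def make_webroot_fetch(files: dict):
    """Fake server serving exact path matches with 200 and everything else with 404."""
    def fetch(url: str) -> HttpResponse:
        path = url.split("/", 3)[3]  # strip scheme and host
        if path in files:
            return HttpResponse(200, files[path])
        return HttpResponse(404, "Not Found")
    return fetch


def run_demo() -> dict:
    """Run the validation against the three fake servers and return the outcomes."""
    path = f".well-known/acme-challenge/{TOKEN}"
    good = {path: key_authorization(TOKEN, ACCOUNT_JWK)}
    stale = {path: "stale-token-from-last-year"}
    return {
        "forbidden": validate_http01(DOMAIN, TOKEN, ACCOUNT_JWK, forbidden_fetch),
        "missing": validate_http01(DOMAIN, TOKEN, ACCOUNT_JWK, make_webroot_fetch({})),
        "wrong_body": validate_http01(DOMAIN, TOKEN, ACCOUNT_JWK, make_webroot_fetch(stale)),
        "correct": validate_http01(DOMAIN, TOKEN, ACCOUNT_JWK, make_webroot_fetch(good)),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_demo().items():
        print(f"{name:10s} -> {'VALID' if ok else 'FAIL'}: {reason}")
```

The point of the three fake servers is the distinction made in the post: a 404 on a random path is the healthy state (the path is reachable, the file simply is not there yet), a 403 means the web server refuses the path before Certbot's temporary file can ever be served, and only a 200 whose body equals the key authorization passes.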

OK, Mike, thanks a lot! I think I managed to fix it; at least the server is running again, certificates check out and HTTPS is on. Your points helped me a lot, but feel free to give it a checkup later. I will too myself (and I just sent a donation to Let's Encrypt; thanks for all your work, guys!).


Glad it worked out. I am seeing a fresh cert from your server:
https://decoder.link/sslchecker/www.impute.me/443

Looks good.

A tip if this comes up again: try --debug-challenges along with --dry-run. It pauses and prompts as it goes through those steps.


FYI: Revoking never does what 99.99% of the requesters want.
To all readers: Please don't REVOKE a cert when troubleshooting issues.


I'd support any official petition to have all future software documentation written as a series of animated GIFs... at least I understood.

