Problem with certbot-auto renew - always renewing domain


I’ve recently switched from the 0.40 LE client to certbot-auto (since I’m running Ubuntu 14.04 there isn’t a package available), but it seems I hit the rate limits, unlike before when I was using letsencrypt-auto renew with the same setup. It seems the new client is requesting a domain every time?

/opt/certbot-auto renew --quiet --rsa-key-size 4096 > /dev/null
Checking for new version…
Requesting root privileges to run certbot…
/root/.local/share/letsencrypt/bin/letsencrypt renew --quiet --rsa-key-size 4096
2016-05-25 20:33:58,730:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for exact set of Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

I look in the archive directory and there is a directory with cert1.pem, cert2.pem, cert3.pem, etc., and another one that’s currently being used with which similarly has multiple certs. The thing is, the domain doesn’t need to be updated, but it seems to be doing it every time. I thought the default, even run as cron, was to wait until 30 days before? Has that changed?

Here are my renewal settings (I’ve now enabled renew_before_expiry and --keep-until-expiry, but strange it wasn’t doing this before?). Also, I’m using Apache but with webroot; that’s a legacy thing from using nginx, which I plan to switch back to. I’ve anonymised them, don’t want to give away security info - is obviously my domain, etc.

# renew_before_expiry = 30 days
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

# Options and defaults used in the renewal process
installer = None
authenticator = webroot
rsa_key_size = 4096
account = xxxxxxxxxxxxxxxxx
[[webroot_map]] = /xxx/xxx/xxxxx

And the configs:

# the domain we want to get the cert for;
# technically it's possible to have multiple of these lines, but it only worked
# with one domain for me, another one only got one cert, so I would recommend
# separate config files per domain.
domains =

# increase key size
rsa-key-size = 4096

# the current closed beta (as of 2015-Nov-07) is using this server
server =

# this address will receive renewal reminders
email =

# turn off the ncurses UI, we want this to be run as a cronjob
text = True

# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
# and then letting LE fetch it
authenticator = webroot
webroot-path = /xxx/xxx/xxxxx

