running this command:Preformatted text /usr/bin/certbot renew --quiet --renew-hook “service ngnix restart”Preformatted text
and got this error:
Preformatted textAttempting to renew cert (family.thegroveacademy.com.au) from /etc/letsencrypt/renewal/family.thegroveacademy.com.au.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/family.thegroveacademy.com.au/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)Preformatted text
You'll need to wait an hour until this rate limit has subsided, and then try again. If it still doesn't work at that point, then provide the new/different error message.
In the meantime, can you please show the full nginx virtual host configuration for family.thegroveacademy.com.au ?
At the moment it looks like you have a Rails app behind it, and it's not clear whether you're properly excluding the /.well-known/acme-challenge/ URL properly.
Attempting to renew cert (family.thegroveacademy.com.au) from /etc/letsencrypt/renewal/family.thegroveacademy.com.au.conf produced an unexpected error: Failed authorization procedure. family.thegroveacademy.com.au (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://family.thegroveacademy.com.au/.well-known/acme-challenge/0FIKD4zFE3SmHlIzxp3pwy_QmTtJAFtXL3MiPW_VYE8: "
Action Controller: Exception caught
<style". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/family.thegroveacademy.com.au/fullchain.pem (failure)
Add the code I suggested inside the port 443 server, reload nginx, and try run Certbot again with --dry-run (this will just do a test run to see if the change will fix your problem).
For the actual renewal you’ll have to wait, but you can try with --dry-run right now to see whether it will work in an hour, since it is not affected by rate limits.
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for family.thegroveacademy.com.au
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/family.thegroveacademy.com.au/fullchain.pem
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/family.thegroveacademy.com.au/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
i ran this command: /usr/bin/certbot renew --quiet --renew-hook "service ngnix restart" **and after i tried to check site: ‘https://family.thegroveacademy.com.au/’, but still ssl doesn`t work… ** also tried: certbot renew --pre-hook “service nginx stop” --post-hook “service nginx start” and:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The following certs are not due for renewal yet:
/etc/letsencrypt/live/family.thegroveacademy.com.au/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.
If your /etc/letsencrypt/renewal/family.thegroveacademy.com.au.conf doesn’t contain a hook to reload nginx, you may need to manually modify that file so you don’t have to reload nginx next time.