Good morning dear,
Requested for your support, my certificate is going to meet 90 days and I have problems with the renewal, I get the following error
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
They could support me indicating some solution.
Hi @Edson
please answer the following questions. That’s the standard template of #help
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
PS: Your older topic:
If it's the same domain, do the same.
There is a non-standard port used, so you have to do additional steps, so that this non-standard-port uses the certificate.
confirming, it's the same domain, only now I got the error mentioned above
if I have shell access
domain is speedtest.redeshibridas.com.gt
confirming, it’s the same domain, only now I got the error mentioned above
if I have shell access
domain is speedtest.redeshibridas.com.gt
Challenge failed for domain speedtest.redeshibridas.com.gt
Attempting to renew cert (speedtest.redeshibridas.com.gt) from /etc/letsencrypt/renewal/speedtest.redeshibridas.com.gt.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/speedtest.redeshibridas.com.gt/fullchain.pem (failure)
That’s a completely unspecific error. That means only: Too much failed orders.
The command, the config file and the detailed output is required.
To understand, why an order doesn’t work.
Checking your configuration https://check-your-website.server-daten.de/?q=speedtest.redeshibridas.com.gt
That’s buggy.
Your http sends SSL-content:
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://speedtest.redeshibridas.com.gt/ | ||||
| 138.94.253.6 | 400 | 0.356 | M | |
| Bad Request | ||||
| • https://speedtest.redeshibridas.com.gt/ | ||||
| 138.94.253.6 | -4 | 0.800 | W | |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | ||||
| • https://speedtest.redeshibridas.com.gt:80/ | ||||
| 138.94.253.6 | 200 | 2.166 | Q | |
| • http://speedtest.redeshibridas.com.gt/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | ||||
| 138.94.253.6 | 400 | 0.380 | M | |
| Bad Request | ||||
| Visible Content: Bad Request Your browser sent a request that this server could not understand. Reason: You’re speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Apache/2.4.18 (Ubuntu) Server at speedtest.redeshibridas.com.gt Port 443 |
And your https sends http content.
Is there a wrong (inverted) port forwarding? Or is the webserver configuration wrong?
No, the failed challenges error isn't a real problem. Wait one hour, then that rate limit is gone.
If your port 80 sends SSL content, that's the reason your challenge fails. That can't work.
PS: And there you see the same error: Bad request - http status 400.
I wait an hour, after that I go back to the command sudo certbot renew --dry-run
and will work the renewal of my certificate in the domain speedtest.redeshibridas.com.gt?
You have already waitet one hour. Your error says: Bad Request - http status 400. Same as https://check-your-website.server-daten.de/?q=speedtest.redeshibridas.com.gt checking http + /.well-known/acme-challenge/random-filename
after waiting 1 hour
try the command sudo certbot renew --dry-run and even gave me the same error,
what can I do to solve it I want to renew my certificate that expires on June 9
That's not the same error, that's a - better - http status 404 - Not Found.
There is a new check of your domain - https://check-your-website.server-daten.de/?q=speedtest.redeshibridas.com.gt
Now the main configuration is ok:
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://speedtest.redeshibridas.com.gt/ | ||||
| 138.94.253.6 | 200 | 0.370 | H | |
| • https://speedtest.redeshibridas.com.gt/ | ||||
| 138.94.253.6 | 200 | 1.814 | B | |
| • http://speedtest.redeshibridas.com.gt/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | ||||
| 138.94.253.6 | 404 | 0.457 | A | |
| Not Found | ||||
| Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.18 (Ubuntu) Server at speedtest.redeshibridas.com.gt Port 80 | ||||
So find your webroot / DocumentRoot and use it:
certbot run -a webroot -i apache -w yourDocumentRoot -d speedtest.redeshibridas.com.gt
The document root is defined in your vHost configuration. Not the path of the Certbot renew files.
If you use try and error, that can’t work.
Check your port 80 vHost, there should be the DocumentRoot defined. If not, define one.
Then check that: Create the two subdirectories
yourWebRoot/.well-known/acme-challenge
there a file (file name 1234), then try to load that file via
http://speedtest.redeshibridas.com.gt/.well-known/acme-challenge/1234
If that works, you have found your correct webroot.
