Rate limit problem

Hello,

my problem is that certbot doesn’t renew one of my certificates anymore. “günauer.de (günauer.de)” is my domain and i got 3 subdomains. The domain and the subdomains all got their own certificate (-> no wildcard). I can’t figure out why im getting above the rate-limit and what i can do about it. I hope someone can help me. Would much appreciate it.
Thank you very much

My domain is: günauer.de (günauer.de)

I ran this command: certbot renew

It produced this output: “Attempting to renew cert (günauer.de) from /etc/letsencrypt/renewal/xn–gnauer-3ya.de.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: günauer.de: see https://letsencrypt.org/docs/rate-limits/. Skipping.”

My web server is (include version): Apache2 2.4.25-3+deb9u7

The operating system my web server runs on is (include version): Raspbian GNU/Linux 9 \n \l

My hosting provider, if applicable, is: Hosting it myself at home on a RaspberryPi with no static IP address but a script which pushes the new IP address into the nameserver.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

https://letsdebug.net/xn--gnauer-3ya.de/45159

RateLimit

Error

günauer.de is currently affected by Let’s Encrypt-based rate limits (https://letsencrypt.org/docs/rate-limits/). You may review certificates that have already been issued by visiting https://crt.sh/?q=%xn--gnauer-3ya.de . Please note that it is not possible to ask for a rate limit to be manually cleared.

The Duplicate Certificate limit (5 certificates with the exact same set of domains per week) has been exceeded and is affecting the domain “günauer.de”. The exact set of domains affected is: “günauer.de”. It may be possible to avoid this rate limit by issuing a certificate with an additional or different domain name.
where are all those certificates gone and why you don’t use those?

@orangepizza A few weeks/months ago I had a couple more certificates but for subdomains only. I messed around at the beginning because I had not much experience with all this. I removed and revoked all of them except the 4 (3 subdomains + 1 main domain cert). Since these are not even 5 I don’t know where the others come from which exceed my rate limit. I don’t know how not to exceed the limit because i dont know where i exceed it (if that makes sense).

Hi @Fernien

revoking certificates doesn't reset the rate limit.

Please read

Revoking certificates does not reset rate limits , because the resources used to issue those certificates have already been consumed.

Hi @JuergenAuer,

i know that revoking them won’t reset the rate limit. I read that. But it should prevent it from using my rate limit in the future or am I wrong?

That's wrong, the certificate is already created

@JuergenAuer
I meant with “future” after the certificate expired. I did not express myself correctly. After the certificate expired it shouldn’t contribute to the rate-limit anymore, should it?

certificate older then 7 days after Creation isn’t counted

The rate limit ist "5 identical certificates in 7 days". If you wait 7 days, you can create the next certificate.

The only thing contributing to the rate limit is that something keeps making new certificates. As shown in orangepizza’s post:

https://crt.sh/?q=%xn--gnauer-3ya.de

(Note that, due to how Certificate Transparency is implemented, almost all of them are listed twice. Only half of them are real certificates that count.)

As a guess, can you post the output of:

sudo certbot certificates

sudo ls -alR /etc/letsencrypt/{archive,csr,live,renewal}

(If your Certbot executable or configuration directory are located elsewhere, substitute the correct paths.)

certbot certificates output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/xn–gnauer-3ya.de/cert.pem is unknown

Found the following certs:
Certificate Name: günauer.de
Domains: günauer.de
Expiry Date: 2019-06-07 13:37:07+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/xn–gnauer-3ya.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xn–gnauer-3ya.de/privkey.pem
Certificate Name: cloud.günauer.de
Domains: cloud.günauer.de wiki.günauer.de
Expiry Date: 2019-09-14 03:58:05+00:00 (VALID: 84 days)
Certificate Path: /etc/letsencrypt/live/cloud.xn–gnauer-3ya.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/cloud.xn–gnauer-3ya.de/privkey.pem
Certificate Name: wiki.günauer.de
Domains: wiki.günauer.de
Expiry Date: 2019-08-09 17:12:31+00:00 (VALID: 48 days)
Certificate Path: /etc/letsencrypt/live/wiki.xn–gnauer-3ya.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/wiki.xn–gnauer-3ya.de/privkey.pem
Certificate Name: home.günauer.de
Domains: home.günauer.de
Expiry Date: 2019-09-10 19:01:30+00:00 (VALID: 80 days)
Certificate Path: /etc/letsencrypt/live/home.xn–gnauer-3ya.de/fullchain.pem
Private Key Path: /etc/letsencrypt/live/home.xn–gnauer-3ya.de/privkey.pem

output ls -alR /etc/letsencrypt/{archive,csr,live,renewal}:

/etc/letsencrypt/archive:
insgesamt 40
drwx------ 10 root root 4096 Jun 12 12:04 .
drwxr-xr-x 9 root root 4096 Jun 21 22:53 …
drwxr-xr-x 2 root root 4096 Jun 16 06:58 cloud.günauer.de
drwxr-xr-x 2 root root 4096 Dez 8 2018 dieter.günauer.de
drwxr-xr-x 2 root root 4096 Jun 12 22:01 home.günauer.de
drwxr-xr-x 2 root root 4096 Mai 11 20:12 wiki.günauer.de
drwxr-xr-x 2 root root 4096 Dez 8 2018 www.dieter.günauer.de
drwxr-xr-x 2 root root 4096 Feb 13 20:30 günauer.de
drwxr-xr-x 2 root root 4096 Mär 9 15:29 xn–gnauer-3ya.de-0001
drwxr-xr-x 2 root root 4096 Mär 9 15:37 xn–gnauer-3ya.de-0002

/etc/letsencrypt/archive/cloud.xn–gnauer-3ya.de:
insgesamt 120
drwxr-xr-x 2 root root 4096 Jun 16 06:58 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 2208 Okt 17 2018 cert1.pem
-rw-r–r-- 1 root root 2208 Okt 17 2018 cert2.pem
-rw-r–r-- 1 root root 2208 Okt 17 2018 cert3.pem
-rw-r–r-- 1 root root 1964 Dez 17 2018 cert4.pem
-rw-r–r-- 1 root root 1964 Feb 15 18:47 cert5.pem
-rw-r–r-- 1 root root 1968 Apr 17 04:13 cert6.pem
-rw-r–r-- 1 root root 1968 Jun 16 06:58 cert7.pem
-rw-r–r-- 1 root root 1647 Okt 17 2018 chain1.pem
-rw-r–r-- 1 root root 1647 Okt 17 2018 chain2.pem
-rw-r–r-- 1 root root 1647 Okt 17 2018 chain3.pem
-rw-r–r-- 1 root root 1647 Dez 17 2018 chain4.pem
-rw-r–r-- 1 root root 1647 Feb 15 18:47 chain5.pem
-rw-r–r-- 1 root root 1647 Apr 17 04:13 chain6.pem
-rw-r–r-- 1 root root 1647 Jun 16 06:58 chain7.pem
-rw-r–r-- 1 root root 3855 Okt 17 2018 fullchain1.pem
-rw-r–r-- 1 root root 3855 Okt 17 2018 fullchain2.pem
-rw-r–r-- 1 root root 3855 Okt 17 2018 fullchain3.pem
-rw-r–r-- 1 root root 3611 Dez 17 2018 fullchain4.pem
-rw-r–r-- 1 root root 3611 Feb 15 18:47 fullchain5.pem
-rw-r–r-- 1 root root 3615 Apr 17 04:13 fullchain6.pem
-rw-r–r-- 1 root root 3615 Jun 16 06:58 fullchain7.pem
-rw-r–r-- 1 root root 1704 Okt 17 2018 privkey1.pem
-rw-r–r-- 1 root root 1704 Okt 17 2018 privkey2.pem
-rw-r–r-- 1 root root 1704 Okt 17 2018 privkey3.pem
-rw-r–r-- 1 root root 1704 Dez 17 2018 privkey4.pem
-rw-r–r-- 1 root root 1704 Feb 15 18:47 privkey5.pem
-rw-r–r-- 1 root root 1704 Apr 17 04:13 privkey6.pem
-rw-r–r-- 1 root root 1704 Jun 16 06:58 privkey7.pem

/etc/letsencrypt/archive/dieter.xn–gnauer-3ya.de:
insgesamt 24
drwxr-xr-x 2 root root 4096 Dez 8 2018 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1935 Dez 8 2018 cert1.pem
-rw-r–r-- 1 root root 1647 Dez 8 2018 chain1.pem
-rw-r–r-- 1 root root 3582 Dez 8 2018 fullchain1.pem
-rw-r–r-- 1 root root 1704 Dez 8 2018 privkey1.pem

/etc/letsencrypt/archive/home.xn–gnauer-3ya.de:
insgesamt 40
drwxr-xr-x 2 root root 4096 Jun 12 22:01 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1931 Apr 13 22:33 cert1.pem
-rw-r–r-- 1 root root 1931 Jun 12 22:01 cert2.pem
-rw-r–r-- 1 root root 1647 Apr 13 22:33 chain1.pem
-rw-r–r-- 1 root root 1647 Jun 12 22:01 chain2.pem
-rw-r–r-- 1 root root 3578 Apr 13 22:33 fullchain1.pem
-rw-r–r-- 1 root root 3578 Jun 12 22:01 fullchain2.pem
-rw-r–r-- 1 root root 1704 Apr 13 22:33 privkey1.pem
-rw-r–r-- 1 root root 1704 Jun 12 22:01 privkey2.pem

/etc/letsencrypt/archive/wiki.xn–gnauer-3ya.de:
insgesamt 56
drwxr-xr-x 2 root root 4096 Mai 11 20:12 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1931 Jan 11 12:52 cert1.pem
-rw-r–r-- 1 root root 1931 Mär 12 14:21 cert2.pem
-rw-r–r-- 1 root root 1927 Mai 11 20:12 cert3.pem
-rw-r–r-- 1 root root 1647 Jan 11 12:52 chain1.pem
-rw-r–r-- 1 root root 1647 Mär 12 14:21 chain2.pem
-rw-r–r-- 1 root root 1647 Mai 11 20:12 chain3.pem
-rw-r–r-- 1 root root 3578 Jan 11 12:52 fullchain1.pem
-rw-r–r-- 1 root root 3578 Mär 12 14:21 fullchain2.pem
-rw-r–r-- 1 root root 3574 Mai 11 20:12 fullchain3.pem
-rw-r–r-- 1 root root 1704 Jan 11 12:52 privkey1.pem
-rw-r–r-- 1 root root 1708 Mär 12 14:21 privkey2.pem
-rw-r–r-- 1 root root 1704 Mai 11 20:12 privkey3.pem

/etc/letsencrypt/archive/www.dieter.xn–gnauer-3ya.de:
insgesamt 24
drwxr-xr-x 2 root root 4096 Dez 8 2018 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1948 Dez 8 2018 cert1.pem
-rw-r–r-- 1 root root 1647 Dez 8 2018 chain1.pem
-rw-r–r-- 1 root root 3595 Dez 8 2018 fullchain1.pem
-rw-r–r-- 1 root root 1704 Dez 8 2018 privkey1.pem

/etc/letsencrypt/archive/xn–gnauer-3ya.de:
insgesamt 56
drwxr-xr-x 2 root root 4096 Feb 13 20:30 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 2256 Okt 16 2018 cert1.pem
-rw-r–r-- 1 root root 2013 Dez 15 2018 cert2.pem
-rw-r–r-- 1 root root 1915 Jun 21 09:31 cert3.pem
-rw-r–r-- 1 root root 1647 Okt 16 2018 chain1.pem
-rw-r–r-- 1 root root 1647 Dez 15 2018 chain2.pem
-rw-r–r-- 1 root root 1647 Jun 21 09:31 chain3.pem
-rw-r–r-- 1 root root 3903 Okt 16 2018 fullchain1.pem
-rw-r–r-- 1 root root 3660 Dez 15 2018 fullchain2.pem
-rw-r–r-- 1 root root 3562 Jun 21 09:31 fullchain3.pem
-rw-r–r-- 1 root root 1708 Okt 16 2018 privkey1.pem
-rw-r–r-- 1 root root 1704 Dez 15 2018 privkey2.pem
-rw-r–r-- 1 root root 1704 Jun 21 09:31 privkey3.pem

/etc/letsencrypt/archive/xn–gnauer-3ya.de-0001:
insgesamt 24
drwxr-xr-x 2 root root 4096 Mär 9 15:29 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1919 Mär 9 15:29 cert1.pem
-rw-r–r-- 1 root root 1647 Mär 9 15:29 chain1.pem
-rw-r–r-- 1 root root 3566 Mär 9 15:29 fullchain1.pem
-rw-r–r-- 1 root root 1704 Mär 9 15:29 privkey1.pem

/etc/letsencrypt/archive/xn–gnauer-3ya.de-0002:
insgesamt 40
drwxr-xr-x 2 root root 4096 Mär 9 15:37 .
drwx------ 10 root root 4096 Jun 12 12:04 …
-rw-r–r-- 1 root root 1915 Mär 9 15:36 cert1.pem
-rw-r–r-- 1 root root 1919 Mär 9 15:37 cert2.pem
-rw-r–r-- 1 root root 1647 Mär 9 15:36 chain1.pem
-rw-r–r-- 1 root root 1647 Mär 9 15:37 chain2.pem
-rw-r–r-- 1 root root 3562 Mär 9 15:36 fullchain1.pem
-rw-r–r-- 1 root root 3566 Mär 9 15:37 fullchain2.pem
-rw-r–r-- 1 root root 1704 Mär 9 15:36 privkey1.pem
-rw-r–r-- 1 root root 1704 Mär 9 15:37 privkey2.pem

/etc/letsencrypt/csr:
insgesamt 564
drwxr-xr-x 2 root root 4096 Jun 21 20:21 .
drwxr-xr-x 9 root root 4096 Jun 21 22:53 …
-rw-r–r-- 1 root root 1025 Okt 16 2018 0000_csr-certbot.pem
-rw-r–r-- 1 root root 1098 Okt 16 2018 0001_csr-certbot.pem
-rw-r–r-- 1 root root 1098 Okt 16 2018 0002_csr-certbot.pem
-rw-r–r-- 1 root root 1110 Okt 16 2018 0003_csr-certbot.pem
-rw-r–r-- 1 root root 1050 Okt 17 2018 0004_csr-certbot.pem
-rw-r–r-- 1 root root 1050 Okt 17 2018 0005_csr-certbot.pem
-rw-r–r-- 1 root root 1050 Okt 17 2018 0006_csr-certbot.pem
-rw-r–r-- 1 root root 968 Okt 17 2018 0007_csr-certbot.pem
-rw-r–r-- 1 root root 968 Okt 17 2018 0008_csr-certbot.pem
-rw-r–r-- 1 root root 968 Okt 17 2018 0009_csr-certbot.pem
-rw-r–r-- 1 root root 1050 Okt 17 2018 0010_csr-certbot.pem
-rw-r–r-- 1 root root 940 Okt 17 2018 0011_csr-certbot.pem
-rw-r–r-- 1 root root 936 Dez 8 2018 0012_csr-certbot.pem
-rw-r–r-- 1 root root 944 Dez 8 2018 0013_csr-certbot.pem
-rw-r–r-- 1 root root 1025 Dez 15 2018 0014_csr-certbot.pem
-rw-r–r-- 1 root root 968 Dez 17 2018 0015_csr-certbot.pem
-rw-r–r-- 1 root root 940 Dez 17 2018 0016_csr-certbot.pem
-rw-r–r-- 1 root root 1009 Jan 7 10:39 0017_csr-certbot.pem
-rw-r–r-- 1 root root 972 Jan 10 15:31 0018_csr-certbot.pem
-rw-r–r-- 1 root root 936 Jan 11 12:52 0019_csr-certbot.pem
-rw-r–r-- 1 root root 940 Jan 11 17:59 0020_csr-certbot.pem
-rw-r–r-- 1 root root 940 Jan 11 18:10 0021_csr-certbot.pem
-rw-r–r-- 1 root root 1025 Feb 13 20:30 0022_csr-certbot.pem
-rw-r–r-- 1 root root 968 Feb 15 18:47 0023_csr-certbot.pem
-rw-r–r-- 1 root root 940 Feb 15 18:47 0024_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mär 9 15:29 0025_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mär 9 15:35 0026_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mär 9 15:36 0027_csr-certbot.pem
-rw-r–r-- 1 root root 936 Mär 12 14:21 0028_csr-certbot.pem
-rw-r–r-- 1 root root 972 Apr 13 21:07 0029_csr-certbot.pem
-rw-r–r-- 1 root root 972 Apr 13 21:14 0030_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 21:16 0031_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 21:17 0032_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 21:19 0033_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 21:22 0034_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 21:24 0035_csr-certbot.pem
-rw-r–r-- 1 root root 936 Apr 13 22:33 0036_csr-certbot.pem
-rw-r–r-- 1 root root 968 Apr 17 04:13 0037_csr-certbot.pem
-rw-r–r-- 1 root root 940 Apr 17 04:14 0038_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 9 03:30 0039_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 9 20:53 0040_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 10 03:54 0041_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 10 18:02 0042_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 11 07:15 0043_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 11 20:12 0044_csr-certbot.pem
-rw-r–r-- 1 root root 936 Mai 11 20:12 0045_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 12 01:55 0046_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 12 14:49 0047_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 13 08:26 0048_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 13 17:58 0049_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 14 05:35 0050_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 14 22:04 0051_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 15 00:38 0052_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 15 23:18 0053_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 16 04:40 0054_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 16 12:12 0055_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 17 05:00 0056_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 17 18:12 0057_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 18 09:23 0058_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 18 22:29 0059_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 19 08:47 0060_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 19 19:29 0061_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 20 06:22 0062_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 20 16:43 0063_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 21 10:11 0064_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 21 22:24 0065_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 22 07:42 0066_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 22 13:57 0067_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 23 04:38 0068_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 23 21:35 0069_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 24 06:01 0070_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 24 17:00 0071_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 25 04:35 0072_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 25 16:31 0073_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 26 01:22 0074_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 26 22:49 0075_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 27 01:03 0076_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 27 22:53 0077_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 28 10:29 0078_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 28 15:48 0079_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 29 05:02 0080_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 29 15:49 0081_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 30 07:09 0082_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 30 12:28 0083_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 31 04:03 0084_csr-certbot.pem
-rw-r–r-- 1 root root 928 Mai 31 20:19 0085_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 1 02:35 0086_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 1 12:11 0087_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 2 09:39 0088_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 2 17:51 0089_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 3 07:10 0090_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 3 18:40 0091_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 4 11:54 0092_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 4 20:42 0093_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 5 07:49 0094_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 5 19:12 0095_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 6 04:53 0096_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 6 18:36 0097_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 7 08:21 0098_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 7 18:01 0099_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 8 06:32 0100_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 8 08:16 0101_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 8 08:19 0102_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 8 16:14 0103_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 9 11:40 0104_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 9 18:34 0105_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 10 04:46 0106_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 10 15:11 0107_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 11 07:38 0108_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 11 13:08 0109_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 12 06:17 0110_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 12 11:52 0111_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 12 12:06 0112_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 12 22:01 0113_csr-certbot.pem
-rw-r–r-- 1 root root 936 Jun 12 22:01 0114_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 13 05:17 0115_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 13 22:38 0116_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 14 03:04 0117_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 14 16:11 0118_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 15 11:35 0119_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 15 15:06 0120_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 16 06:57 0121_csr-certbot.pem
-rw-r–r-- 1 root root 968 Jun 16 06:57 0122_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 16 15:28 0123_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 16 22:36 0124_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 16 22:39 0125_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 17 03:36 0126_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 17 20:12 0127_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 18 05:55 0128_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 18 19:43 0129_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 19 04:23 0130_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 19 21:48 0131_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 20 05:12 0132_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 20 15:38 0133_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 21 09:31 0134_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 21 13:22 0135_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 21 13:23 0136_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 21 13:39 0137_csr-certbot.pem
-rw-r–r-- 1 root root 928 Jun 21 20:21 0138_csr-certbot.pem

/etc/letsencrypt/live:
insgesamt 28
drwx------ 6 root root 4096 Jun 12 12:04 .
drwxr-xr-x 9 root root 4096 Jun 21 22:53 …
drwxr-xr-x 2 root root 4096 Jun 16 06:58 cloud.günauer.de
drwxr-xr-x 2 root root 4096 Jun 12 22:01 home.günauer.de
-rw-r–r-- 1 root root 740 Dez 8 2018 README
drwxr-xr-x 2 root root 4096 Mai 11 20:12 wiki.günauer.de
drwxr-xr-x 2 root root 4096 Jun 21 09:31 günauer.de

/etc/letsencrypt/live/cloud.xn–gnauer-3ya.de:
insgesamt 12
drwxr-xr-x 2 root root 4096 Jun 16 06:58 .
drwx------ 6 root root 4096 Jun 12 12:04 …
lrwxrwxrwx 1 root root 47 Jun 16 06:58 cert.pem -> …/…/archive/cloud.xn–gnauer-3ya.de/cert7.pem
lrwxrwxrwx 1 root root 48 Jun 16 06:58 chain.pem -> …/…/archive/cloud.xn–gnauer-3ya.de/chain7.pem
lrwxrwxrwx 1 root root 52 Jun 16 06:58 fullchain.pem -> …/…/archive/cloud.xn–gnauer-3ya.de/fullchain7.pem
lrwxrwxrwx 1 root root 50 Jun 16 06:58 privkey.pem -> …/…/archive/cloud.xn–gnauer-3ya.de/privkey7.pem
-rw-r–r-- 1 root root 682 Okt 17 2018 README

/etc/letsencrypt/live/home.xn–gnauer-3ya.de:
insgesamt 12
drwxr-xr-x 2 root root 4096 Jun 12 22:01 .
drwx------ 6 root root 4096 Jun 12 12:04 …
lrwxrwxrwx 1 root root 46 Jun 12 22:01 cert.pem -> …/…/archive/home.xn–gnauer-3ya.de/cert2.pem
lrwxrwxrwx 1 root root 47 Jun 12 22:01 chain.pem -> …/…/archive/home.xn–gnauer-3ya.de/chain2.pem
lrwxrwxrwx 1 root root 51 Jun 12 22:01 fullchain.pem -> …/…/archive/home.xn–gnauer-3ya.de/fullchain2.pem
lrwxrwxrwx 1 root root 49 Jun 12 22:01 privkey.pem -> …/…/archive/home.xn–gnauer-3ya.de/privkey2.pem
-rw-r–r-- 1 root root 692 Apr 13 22:33 README

/etc/letsencrypt/live/wiki.xn–gnauer-3ya.de:
insgesamt 12
drwxr-xr-x 2 root root 4096 Mai 11 20:12 .
drwx------ 6 root root 4096 Jun 12 12:04 …
lrwxrwxrwx 1 root root 46 Mai 11 20:12 cert.pem -> …/…/archive/wiki.xn–gnauer-3ya.de/cert3.pem
lrwxrwxrwx 1 root root 47 Mai 11 20:12 chain.pem -> …/…/archive/wiki.xn–gnauer-3ya.de/chain3.pem
lrwxrwxrwx 1 root root 51 Mai 11 20:12 fullchain.pem -> …/…/archive/wiki.xn–gnauer-3ya.de/fullchain3.pem
lrwxrwxrwx 1 root root 49 Mai 11 20:12 privkey.pem -> …/…/archive/wiki.xn–gnauer-3ya.de/privkey3.pem
-rw-r–r-- 1 root root 692 Jan 11 12:52 README

/etc/letsencrypt/live/xn–gnauer-3ya.de:
insgesamt 12
drwxr-xr-x 2 root root 4096 Jun 21 09:31 .
drwx------ 6 root root 4096 Jun 12 12:04 …
lrwxrwxrwx 1 root root 46 Jun 21 09:31 cert.pem -> …/…/archive/xn–gnauer-3ya.de-0002/cert2.pem
lrwxrwxrwx 1 root root 47 Jun 21 09:31 chain.pem -> …/…/archive/xn–gnauer-3ya.de-0002/chain2.pem
lrwxrwxrwx 1 root root 51 Jun 21 09:31 fullchain.pem -> …/…/archive/xn–gnauer-3ya.de-0002/fullchain2.pem
lrwxrwxrwx 1 root root 49 Jun 21 09:31 privkey.pem -> …/…/archive/xn–gnauer-3ya.de-0002/privkey2.pem
-rw-r–r-- 1 root root 692 Mär 9 15:36 README

/etc/letsencrypt/renewal:
insgesamt 24
drwxr-xr-x 2 root root 4096 Jun 21 09:31 .
drwxr-xr-x 9 root root 4096 Jun 21 22:53 …
-rw-r–r-- 1 root root 690 Jun 16 06:58 cloud.xn–gnauer-3ya.de.conf
-rw-r–r-- 1 root root 569 Jun 12 22:01 home.xn–gnauer-3ya.de.conf
-rw-r–r-- 1 root root 569 Mai 11 20:12 wiki.xn–gnauer-3ya.de.conf
-rw-r–r-- 1 root root 752 Jun 21 09:31 xn–gnauer-3ya.de.conf

The symlinks in /etc/letsencrypt/live/xn–gnauer-3ya.de/ are not pointing to ../../archive/xn–gnauer-3ya.de/ so Certbot is constantly issuing certificates and saving them to the the correct directory, but then it can't find them again.

You need to fix /etc/letsencrypt/live/cert.pem to point to ../../archive/xn–gnauer-3ya.de/cert3.pem and so on for the other three links.

After that you can probably also delete /etc/letsencrypt/archive/xn–gnauer-3ya.de-0001 and /etc/letsencrypt/archive/xn–gnauer-3ya.de-0002/ if you want to.

Thank you very much it works now. I struggled with it for some time!

I meant /etc/letsencrypt/live/xn–gnauer-3ya.de/cert.pem, not /etc/letsencrypt/live/cert.pem.

I almost made a whole post without any critical errors.

@mnordhoff
still figured it out because of your help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.