I have nginx problems while move domain lp.школатрейдера.рф to other server and delete all recently received certs. And reach rate-limits ((. I still need the letsencrypt certificate. How can I speed up the window to get cert?
Thanx
Hi @kons,
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Can you additionally share the exact rate limit error message you’re receiving? If its the failed validations rate limit that you’re hitting it will automatically clear itself after 1 hour. You could also use the staging environment to debug your problem in the meantime.
1 Like
Ou, thanks for replying.
My domain is: lp.школатрейдера.рф - it`s in punycode
I ran this command:./certbot-auto certonly --webroot --agree-tos --email mail@domain.com -w /var/www/domain/data/www/lpacademy -d lp.школатрейдера.рф -d www.lp.школатрейдера.рф
It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate An unexpected error occurred:
There were too many requests of a given type :: Error finalizing order :: too many certificates already issued for exact set of domains: lp.школатрейдера.рф,www.lp.школатрейдера.рф: see https://letsencrypt.org/docs/rate-limits/
Please see the logfiles in /var/log/letsencrypt for more details.
My web server is (include version):nginx /1.12.2
The operating system my web server runs on is (include version):debian 3.16.7
My hosting provider, if applicable, is: ns.bpfcom.net
I can login to a root shell on my machine - yes
I’m using a control panel to manage my site - no
certbot 0.31.0
Error finalizing order: There were too many request of given type: too many request already issued for exact set of domain lp.школатрейдера.рф www.lp.школатрейдера.рф
1 Like
Hi @Kons,
there is a certificate, created today ( https://check-your-website.server-daten.de/?q=lp.школатрейдера.рф ):
CN=lp.xn--80aaldbwei0awes7e.xn--p1ai
14.02.2019
15.05.2019
expires in 90 days lp.школатрейдера.рф (lp.xn--80aaldbwei0awes7e.xn--p1ai),
www.lp.школатрейдера.рф (www.lp.xn--80aaldbwei0awes7e.xn--p1ai) - 2 entries
So use this certificate 60 - 85 days.
If you need the same certificate with another server, copy the private and the public key.
You have created 5 identical certificates today, one is used.
2 Likes
Yes, I just need the same keys, because I (crooked hands) physically deleted keys them from letsencrypt/live/ directory after nginx accepted them. It turns out that this certificate will work until nginx is restarted. That is, I need fullchain.pem and privkey.pem again
The rate limit is fixed.
So you have two options.
- Don't restart your server in the next 7 days
- create certificates with different sets of domain names
Your current certificate has two domain names
lp.xn--80aaldbwei0awes7e.xn--p1ai
www.lp.xn--80aaldbwei0awes7e.xn--p1ai
There you have hitted the limit -> next certificate in 7 days.
But you can create one certificate with
lp.xn--80aaldbwei0awes7e.xn--p1ai
as domain name, one certificate with
www.lp.xn--80aaldbwei0awes7e.xn--p1ai
So you need two different vHosts to use these certificates.
But: One certificate, not more then 4. Because there is already one certificate with
lp.xn--80aaldbwei0awes7e.xn--p1ai
2 Likes
Thanks, i shall do so.
How much did you delete? There are two copies of the keys saved in /etc/letsencrypt/archive/ and /etc/letsencrypt/keys/. If you only deleted /etc/letsencrypt/live/, you can fix it.
2 Likes
Also in Linux you can usually access copies of files that processes have open by looking in /proc/[pid]/fd, even if the files have been unlinked from the filesystem.
$ echo hello > file
$ cat > holdopenfd.py <<foo
> #!/usr/bin/env python
> import os
> print(os.getpid())
> f = open("file")
> import time
> time.sleep(10)
> foo
$ python holdopenfd.py &
[1] 24071
24071
$ rm file
$ cat file
cat: file: No such file or directory
$ cat /proc/24071/fd/3
hello
$ sleep 10
[1]+ Done python holdopenfd.py
$ cat file
cat: file: No such file or directory
This might not be necessary in this case because the much simpler approach suggested by @mnordhoff may suffice.
1 Like
@joohoi pointed out that nginx might not actually keep the certificate and key files open while running, since it could read them once at startup and then close them. I confirmed that this is true in practice, so my advice above won’t actually work for this application! (It could work in some other situations where you need to recover a file’s contents, but not this one.)
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.