Renewal error of my domain

Hello, this morning I tried to renew my certificate but I got an error of this type.
Thanks for your help :slight_smile:

    ludovic@vps181822:/opt/letsencrypt$ ./certbot-auto renew
    Requesting to rerun ./certbot-auto with root privileges…
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    Processing /etc/letsencrypt/renewal/

    Cert is due for renewal, auto-renewing…
    Plugins selected: Authenticator apache, Installer apache
    Renewing an existing certificate

    Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Skipping.
    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/ (failure)

    All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/ (failure)

    1 renew failure(s), 0 parse failure(s)

Hi @ludochan

this is a one-hour limit:

There is a Failed Validation limit of 5 failures per account, per hostname, per hour.

But please share


to find the reason of these failed validations.

Here is the file, thanks. I’m a new user, I can’t upload a file :confused:


Certbot creates a validation file under /.well-known/acme-challenge, but Let’s Encrypt doesn’t find this file:

      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from \"\u003c!DOCTYPE html\u003e\u003chtml class=\\\"no-js\\\" lang=\\\"fr-FR\\\" prefix=\\\"og:\\\"\u003e\u003chead profile=\\\"\\\"\u003e\u003clink rel=\"",
        "status": 403

You are using the apache plugin, your certbot is up to date, this is good. Please find your webroot (the directory where your website starts); if they don’t exist, create two directories there


there a file (file name 1234 without extension) and try, if you can load this file via

with your browser.

If yes, you have found your correct webroot, so you may use something like

    certbot run -a webroot -i apache -w PathToYourWebroot -d -d

with a split authenticator webroot and installer apache.

As far as I know, the apache plugin creates a separate, new and temporary virtualhost with a specific webroot, something like /var/lib/letsencrypt/blahblah or something.

Moreover, all http requests are redirected to https. Do you believe that the problem also comes from that?

That's true (as I know), but how to debug if it doesn't work? There is no ipv6, no second ipv4.

It's possible, but checking with my own redirect check ( ) I don't see problems.

The 404 is ok. You see, there is no redirect to https. You have a Strict-Transport-Security header (which is good), so your browser switches to https. But not a direct GET with a tool.

So Let's Encrypt doesn't see this redirect http -> https.
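An added illustration of the point made in the post above (not part of the thread): a tool that sends a plain-HTTP request only acts on the status line and a `Location` header, so an HSTS header alone is not a redirect for it. Both header sets are constructed samples, and `example.org` and `classify_response` are placeholder names.

```shell
#!/bin/sh
# Added example (not from the thread): what a non-browser client sees on a
# plain-HTTP request. Both header sets below are constructed samples.

# Like the situation described above: 404, HSTS header, no Location header.
hsts_only_headers() {
cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=UTF-8
EOF
}

# A server that really redirects http to https.
redirect_headers() {
cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://example.org/.well-known/acme-challenge/1234
EOF
}

# Read response headers on stdin and print
# "<status> redirect=<url|none> hsts=<yes|no>".
classify_response() {
    tr -d '\r' | awk '
        NR == 1 { status = $2 }
        tolower($1) == "location:" { loc = $2 }
        tolower($1) == "strict-transport-security:" { hsts = "yes" }
        END {
            if (loc == "")  loc = "none"
            if (hsts == "") hsts = "no"
            print status, "redirect=" loc, "hsts=" hsts
        }'
}

# Live use (needs network; curl does not follow redirects without -L):
#   curl -s -o /dev/null -D - http://HOST/.well-known/acme-challenge/1234 | classify_response
hsts_only_headers | classify_response
redirect_headers | classify_response
```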

There’s probably some Apache configuration messing with the added Let’s Encrypt configs.

Specifically, Let’s Encrypt adds this to the virtualhosts configuration directory:


    RewriteEngine on
    RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]


    <Directory /var/lib/letsencrypt/http_challenges>
        Require all granted
    </Directory>
    <Location /.well-known/acme-challenge>
        Require all granted
    </Location>

As you can see, it’s a very simple setup.

One can start debugging as follows:

  • add -v and --debug-challenges to the certbot command line
  • check the relevant Apache logs, access as well as error log

But as you can see, I’m sure you mean well, but advising the topic starter to make challenge directories in the webroot of the website isn’t going to help.
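One way to carry out the "check the Apache access log" step from the post above, as an added example that is not part of the thread. It assumes the access log uses Apache's "combined" format; the log lines are constructed samples, and the function names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): review HTTP-01 challenge requests in an
# Apache access log in "combined" format. Sample lines below are constructed.

sample_access_log() {
cat <<'EOF'
192.0.2.10 - - [19/Nov/2018:09:14:02 +0100] "GET /.well-known/acme-challenge/tokenAAA111 HTTP/1.1" 403 5120 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
192.0.2.10 - - [19/Nov/2018:09:14:05 +0100] "GET /.well-known/acme-challenge/tokenBBB222 HTTP/1.1" 403 5120 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.7 - - [19/Nov/2018:09:20:41 +0100] "GET /.well-known/acme-challenge/1234.txt HTTP/1.1" 404 312 "-" "curl/7.58.0"
192.0.2.10 - - [19/Nov/2018:10:31:17 +0100] "GET /.well-known/acme-challenge/tokenCCC333 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.7 - - [19/Nov/2018:10:32:00 +0100] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
EOF
}

# One line per challenge request: "<status> <token> <verdict>".
# "no-rewrite" means the file name falls outside the character class of the
# RewriteRule quoted above, so that rule never maps it to http_challenges.
challenge_report() {
    awk '
    $7 ~ /^\/\.well-known\/acme-challenge\// {
        token = $7
        sub(/^\/\.well-known\/acme-challenge\//, "", token)
        if (token !~ /^[A-Za-z0-9_=-]+$/) verdict = "no-rewrite"
        else if ($9 == 200)               verdict = "served"
        else                              verdict = "failed"
        print $9, token, verdict
    }'
}

# Number of challenge requests that matched the rule but were not answered 200.
failed_count() {
    challenge_report | awk '$3 == "failed" { n++ } END { print n + 0 }'
}

sample_access_log | challenge_report
```

On a real server, pipe the virtual host's access log into `challenge_report` instead of the sample; lines marked `failed` with status 403 correspond to the kind of error quoted earlier in the thread.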

Ok, I see the directory .well-known in my wordpress folder

Thanks for your help :wink: the command worked

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: and

You should test your configuration at:


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2019-02-17. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again with the “certonly” option. To
    non-interactively renew all of your certificates, run
    “letsencrypt-auto renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:
    Donating to EFF:


Yep, now you have a new certificate created with two domain names.

Certificates 19.11.2018 17.02.2019, - 2 entries
CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 17.03.2016 17.03.2021
CN=DST Root CA X3, O=Digital Signature Trust Co. 30.09.2000 30.09.2021

So the www- and the non-www are secure.

But you should add a redirect of your https.

You don’t see this error, because your browser prefers the https version (because of your good HSTS-header).

But users on should use the secured version.
