Hello , this morning I tried to renew my certificate but I got an error of this type.
Thanks for your help
ludovic@vps181822:/opt/letsencrypt$ ./certbot-auto renew
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Attempting to renew cert (theapplefanboy.fr) from /etc/letsencrypt/renewal/theapplefanboy.fr.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/theapplefanboy.fr/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/theapplefanboy.fr/fullchain.pem (failure)
You are using the apache plugin, your certbot is up to date, this is good. Please find your webroot (the directory, where your website starts), if not exist, create there two directories
/.well-known/acme-challenge
there a file (file name 1234 without extension) and try, if you can load this file via
As far as I know, the apache plugin creates a separate, new and temporary virtualhost with a specific webroot, something like /var/lib/letsencrypt/blahblah or something.
The 404 is ok. You see, there is no redirect to https. You have a Strict-Transport-Security header (which is good), so your browser switches to https. But not a direct GET with a tool.
So Letsencrypt doesn't see this redirect http -> https.
There’s probably some Apache configuration messing with the added Let’s Encrypt configs.
Specifically, Let’s Encrypt adds this to the virtualhosts configuration directory:
le_http_01_challenge_pre.conf:
RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]
le_http_01_challenge_post.conf:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>
As you can see, it’s a very simpel setup.
One can start debugging as follows:
add -v and --debug-challenges to the certbot command line
check the relevant Apache logs, access as wel as error log
But as you can see, I’m sure you mean well, but advising the topicstarter to make challenge directories in the webroot of the website isn’t going to help.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/theapplefanboy.fr/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/theapplefanboy.fr/privkey.pem
Your cert will expire on 2019-02-17. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again with the “certonly” option. To
non-interactively renew all of your certificates, run
“letsencrypt-auto renew”
If you like Certbot, please consider supporting our work by: