Renewing an existing certificate

Hello
I use an AWS EC2 machine UBUNTU 20.04 and I recently got an email reminding me that my Let's Encrypt certificates (for my rstudio-server and shiny-server) were expiring in 13 days. So I try to renew them with the command: certbot renew --cert-name mydomaine-name --nginx or sudo certbot renew --dry-run

And I get this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mydomane-name.conf


Renewing an existing certificate for mydomaine-name
Failed to renew certificate mydomaine-name with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mydomaine-name/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The too many failed authorizations recently error would only present itself if renewing failed for a different reason before. Please check the logs and present the log file where the actual error for renewing revealed itself.

Also note that this error is from a limit of 5 failures per account, per hostname, per hour. This would not happen if a regular renewal attempt would fail, as it's customary to try to renew twice a day, which cannot hit the aforementioned rate limit.


Also, if you look closely, the --dry-run should give a different (and in this context more useful) error because it will use the staging server instead of the production server. You're unlikely to have hit the rate limit on the staging server, so you'll probably get an error that corresponds to the underlying reason that the previous attempts failed.


Thanks for your reply,

With --dry-run I have this error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/mydomaine-name1.conf


Simulating renewal of an existing certificate for mydomaine-name1

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: domaine-name1
Type: connection
Detail: my_ip: Fetching http://domaine-name1/.well-known/acme-challenge/p2dxUh4gWF14PvfmCbocKd_FyTxzlMEuwGlio2qdV-k: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate mydomaine-name1 with error: Some challenges have failed.


Processing /etc/letsencrypt/renewal/mydomaine-name2.conf


Simulating renewal of an existing certificate for mydomaine-name2

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mydomaine-name2
Type: connection
Detail: my_ip: Fetching http://mydomaine-name2/.well-known/acme-challenge/OLPBsjDjOX7rznz5H29GfxczZtyKIi55CJTWm7Zu2yw: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate mydomaine-name2 with error: Some challenges have failed.


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mydomaine-name1/fullchain.pem (failure)
/etc/letsencrypt/live/mydomaine-name2/fullchain.pem (failure)


2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Hello, there was a firewall problem. I was finally able to renew the certificates. Thank you very much for your answers.

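The diagnosis worked through in this thread, as a small triage script added here as an example (not code from any of the posts or from Certbot): it separates the rateLimited symptom from the underlying challenge failure that --dry-run reveals. The sample output, example.org, 203.0.113.10, TOKEN and the function name triage are constructed for illustration.

```python
import re

# Constructed samples modelled on the certbot output quoted in this thread;
# example.org, 203.0.113.10 and TOKEN are placeholders.
SAMPLE_DRY_RUN = """\
Simulating renewal of an existing certificate for example.org

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: example.org
  Type:   connection
  Detail: 203.0.113.10: Fetching http://example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)

Failed to renew certificate example.org with error: Some challenges have failed.
"""
SAMPLE_RATE_LIMITED = (
    "Failed to renew certificate example.org with error: "
    "urn:ietf:params:acme:error:rateLimited :: There were too many requests of a "
    "given type :: Error creating new order :: too many failed authorizations recently\n"
)

# One "Domain / Type / Detail" problem block as the CA reports it.
PROBLEM = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s*\n\s*Type:\s*(?P<type>\S+)\s*\n\s*Detail:\s*(?P<detail>.+)"
)
RATE_LIMITED = re.compile(r"Failed to renew certificate (\S+) with error: \S*rateLimited")

def triage(output):
    """Return (name, kind, advice) tuples for each failure found in certbot output."""
    findings = []
    for m in PROBLEM.finditer(output):
        if m["type"] == "connection" and "Timeout during connect" in m["detail"]:
            # The validation fetch is plain HTTP, so the CA must reach port 80.
            advice = "port 80 unreachable from the internet: check firewall rules"
        else:
            advice = "read the Detail line and /var/log/letsencrypt/letsencrypt.log"
        findings.append((m["domain"], m["type"], advice))
    for m in RATE_LIMITED.finditer(output):
        # The rate limit is a symptom of earlier failed attempts, not the cause.
        findings.append((m[1], "rateLimited", "re-run with --dry-run to see the real error"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_DRY_RUN, SAMPLE_RATE_LIMITED):
        for finding in triage(sample):
            print(finding)
```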
