Renewing domain cert after a rewrite has been added to the main domain URL (NGINX rewrite to folder)


#1

So when I first issued the cert for my domain I did it for solarfactory.mx and www.solarfactory.mx, but now I am using a permanent redirect on my NGINX block to solarfactory.mx/tienda, so it is understandable that when I run the command sudo certbot renew the ACME challenge fails. But my question is: how can I renew my cert under this permanent rewrite of solarfactory.mx to solarfactory.mx/tienda?

My domain is: solarfactory.mx

I ran this command: sudo certbot renew

It produced this output: Attempting to renew cert (solarfactory.mx) from /etc/letsencrypt/renewal/solarfactory.mx.conf produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.

My web server is (include version): NGINX 1.10.3

The operating system my web server runs on is (include version): ubuntu 17.04


#2

Redirects aren’t usually supposed to be a problem.

Can you post the contents of /etc/letsencrypt/renewal/solarfactory.mx.conf and your Nginx server blocks?

Is that a typo?


#3

I don’t think that’s a typo. But the OP should consider updating the system (since 17.04 reached EOL in Jan. 2018).


#4

Hi @lmuzquiz

It looks like there is another reason why your renewal fails: the “missing-slash-reason”:

Your http redirects to https; this isn’t a problem. But in your redirect there is a missing /.

So www.solarfactory.mx/.well-known/acme-challenge/... is redirected to the non-existent domain

https://solarfactory.mx.well-known/acme-challenge/...

Add a / in your redirect rule after your %SERVERNAME


#5

If you properly exclude, or handle, the challenge requests, then forwarding should not be a problem.
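
The two fixes suggested in posts #4 and #5, sketched as an added example that is not from the thread: the OP's server blocks were never posted, so every directive here is an assumption. It assumes certbot's webroot authenticator with a hypothetical webroot of /var/www/letsencrypt and the standard certbot layout for the certificate files.

```nginx
# Added example. Assumed webroot: /var/www/letsencrypt (hypothetical path).

server {
    listen 80;
    server_name solarfactory.mx www.solarfactory.mx;

    # Serve ACME HTTP-01 challenge files directly, before any redirect applies.
    # "^~" makes this prefix win over regex locations defined elsewhere.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed; must match certbot's webroot path
        default_type text/plain;
        try_files $uri =404;
    }

    # Broken form (assumed shape of the "missing slash" bug): the capture
    # excludes the leading "/", so the Location header becomes
    # https://solarfactory.mx.well-known/acme-challenge/...
    #   rewrite ^/(.*)$ https://solarfactory.mx$1 permanent;

    # Corrected form: $request_uri always begins with "/".
    location / {
        return 301 https://solarfactory.mx$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name solarfactory.mx www.solarfactory.mx;

    # Standard certbot layout, assumed for this example.
    ssl_certificate     /etc/letsencrypt/live/solarfactory.mx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/solarfactory.mx/privkey.pem;

    # Redirect only the bare root to the shop; an exact match leaves
    # every other path, including /.well-known/, untouched.
    location = / {
        return 301 https://solarfactory.mx/tienda;
    }

    # ... existing /tienda and application locations go here ...
}
```

After reloading NGINX, sudo certbot renew --dry-run exercises the challenge against the Let's Encrypt staging environment, so a remaining misconfiguration does not add to the failed-authorization rate limit shown in post #1.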