[solved] Please help to renew

@rg305 Yes, I don’t understand. I deleted and created a new cert, but it is still using the expired cert.

Then you did not delete them all.

Check your server time: date. If it's fine:

certbot delete --cert-name sabaideegroup1.com

rm -r /etc/letsencrypt/archive/domain
rm -r /etc/letsencrypt/live/domain
rm /etc/letsencrypt/renewal/domain.conf

Do it again.

Also check /var/log/apache2/error.log for other errors

certbot certonly -a webroot --webroot-path="document root" -d sabaideegroup1.com -d www.sabaideegroup1.com
error
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: sabaideegroup1.com,www.sabaideegroup1.com
Please see the logfiles in /var/log/letsencrypt for more details.

5 certificates per week. Have you checked /var/log/apache2/error.log? Is there anything you found? Can you paste it as text here?

You will have to modify the set of names in the cert.
You could add another domain to it.
Or you could remove one of the names from it.
In either case the limit is only for one week.

From: https://letsencrypt.org/docs/rate-limits/
We also have a Duplicate Certificate limit of 5 certificates per week.

You could keep one of the names HTTP and forward it to the other name and use HTTPS there.

Thanks @gotham @rg305
That means I can try again next week, right? And it will work?
The problem is too many certificates already issued, because I tried by myself before @gotham's guide.
And it cannot use the new certificate because of this issue.
I hope next week I will create a new one and it works.
Thank you for your kindness.

You are welcome.
Your current 5 per week limit drops on Oct 31, 2017 11:46:33 GMT plus 7 days and 1 second =
You can try again as soon as Nov 7, 2017 11:46:34 GMT

If you still encounter problems with the web server using an old certificate, I suggest trying

grep -r SSLCertificateFile /etc/apache2

to find out if there is another configuration file with another virtual host that mentions the old certificate somewhere.

There really is no need to wait. Issuing isn't the problem. You've got plenty of certificates around, the webserver just doesn't use the right one.

I would suggest doing what @schoen proposes. Do not wait for the rate limit, so you can request a new certificate which won't be used either. Fix the real problem here :wink:

I agree he should fix the real problem first, as from my earlier post:

But if he already followed these steps, he may have no other choice of certs left to use.

Thank you very much, everybody.
Now I know the problem. The problem is my customer's firewall.
They need to add the cert to the firewall too.
Sorry for my stupid question.

HTTPS inspection?
In any case, I see the site is renewed and secured now:


And SSLLabs gives it an “A-” (which is not bad - but you can improve it easily)
https://dev.ssllabs.com/ssltest/analyze.html?d=sabaideegroup1.com&hideResults=on
The server does not have a cipher preference order and that can cause some browsers to connect via less secure protocols (without Forward Secrecy).
See:
SSLHonorCipherOrder on
SSLCipherSuite <your preferred list of ciphers>

And also the public cert provided seems to include the cert.pem and also the fullchain.pem (which already includes the cert) - so it is providing the cert twice:
Certificate chain
 0 s:/CN=sabaideegroup1.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/CN=sabaideegroup1.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 2 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
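
A check for the duplicated leaf certificate described in the post above, as an added example that is not part of the original thread: it reads the "Certificate chain" section of openssl s_client output and reports any subject that is served more than once. The function names and the example.com hostname are hypothetical, and it compares subject strings only, not fingerprints.

```shell
#!/bin/sh
# Added example: report subjects that occur more than once in the
# "Certificate chain" section of `openssl s_client` output.
# Reads the listing on stdin; prints "<count> <subject>" per duplicate.
# Exit status: 0 = no duplicates, 1 = duplicate found, 2 = no chain seen.
chain_duplicates() {
    awk '
        # Subject lines look like " 0 s:/CN=example.com" (OpenSSL 1.0.x)
        # or " 0 s:CN = example.com" (OpenSSL 1.1+); issuer lines ("i:")
        # carry no index number and are skipped.
        /^[ \t]*[0-9]+[ \t]+s:/ {
            sub(/^[ \t]*[0-9]+[ \t]+s:/, "")
            seen[$0]++
            total++
        }
        END {
            if (total == 0) exit 2
            dup = 0
            for (s in seen)
                if (seen[s] > 1) { printf "%d %s\n", seen[s], s; dup = 1 }
            exit dup
        }
    '
}

# Constructed sample: the chain listing quoted in the post above.
sample_chain() {
    cat <<'EOF'
Certificate chain
 0 s:/CN=sabaideegroup1.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/CN=sabaideegroup1.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 2 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
EOF
}

# Against a live server (hostname is a placeholder):
#   openssl s_client -connect example.com:443 -servername example.com \
#       </dev/null 2>/dev/null | chain_duplicates
sample_chain | chain_duplicates || true
```

On the sample it reports the leaf subject twice, which is what happens when the server is given cert.pem as the certificate and fullchain.pem as the chain.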
