So, I'm creating a cert for a mail server. The DNS AAAA record is valid. I tested it on many random servers from https://public-dns.info.
And the debug environment shows no error:
root@mail:/etc/nginx/templates# certbot certonly --staging --agree-tos --email admin@enhim.ru --webroot -w /var/lib/letsencrypt/ -d mail.enhim.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mail.enhim.ru.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.enhim.ru
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.enhim.ru/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.enhim.ru/privkey.pem
Your cert will expire on 2019-02-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
But the production run says that my DNS record is wrong…
The server could not resolve a domain name :: No valid IP addresses found for mail.enhim.ru
Unfortunately, the PuTTY screen buffer lost the answer from the server, and now it says that I made too many attempts and has banned me for some time.
There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently