Test hook & rate limit

Hi!

I’m scripting a deploy hook and I want to test it, but I get a rate limit error :sleepy:
How can I test my deploy hook script?

Commands:

# nano /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh
# certbot renew --force-renewal

Results:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Attempting to renew cert (mysuperdomain.com) from /etc/letsencrypt/renewal/mysuperdomain.com.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.mysuperdomain.com,mysuperdomain.com: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

or

OK!

I tried to use the staging environment (Staging Environment - Let's Encrypt) with the dry-run parameter, but it skips the deploy hook command :frowning: :

Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh

Did I forget something?

Commands:

# certbot renew --force-renewal --dry-run

Results:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Your use case is different than what --dry-run expects. You should use --test or --staging explicitly (and be careful because they can replace your valid cert with an invalid one, specify a different --cert-name):

OK !

My certificate is not in production, so I deleted the production cert:

# cd /etc/letsencrypt
# certbot delete --cert-name mysuperdomain.com

Then I created the staging certificate and force-renewed it:

# certbot certonly --dns-rfc2136 --dns-rfc2136-credentials .secrets/mysuperdomain.com.tsig -d mysuperdomain.com -d '*.mysuperdomain.com' --staging
# certbot renew --force-renewal --staging --cert-name mysuperdomain.com

With a successful result :slight_smile:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Thanks for your help!
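
An added example (not part of the thread and not certbot's own code): a deploy hook can also be exercised without requesting any certificate, by running it with the RENEWED_LINEAGE and RENEWED_DOMAINS variables that certbot exports to deploy hooks. The function names and the scratch directory are hypothetical.

```shell
#!/bin/sh
# Run a certbot deploy hook offline, with the environment certbot gives it
# after a successful renewal. Nothing is requested from the CA, so no rate
# limit is consumed and the live certificate is not replaced.

# make_scratch_lineage DIR
# Build a stand-in for /etc/letsencrypt/live/<cert-name>. The PEM files are
# constructed placeholders, not real certificates or keys.
make_scratch_lineage() {
    mkdir -p "$1" || return 1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        printf 'constructed placeholder for %s\n' "$f" > "$1/$f" || return 1
    done
    chmod 600 "$1/privkey.pem"
}

# run_deploy_hook HOOK LINEAGE DOMAINS
# HOOK    path to the deploy hook script under test
# LINEAGE directory holding fullchain.pem, privkey.pem, ...
# DOMAINS space-separated domain list, as in RENEWED_DOMAINS
# Returns the hook's exit status (126 if the hook is not executable,
# 2 if the lineage directory has no readable fullchain.pem).
run_deploy_hook() {
    hook=$1 lineage=$2 domains=$3
    [ -x "$hook" ] || { echo "hook not executable: $hook" >&2; return 126; }
    [ -r "$lineage/fullchain.pem" ] || { echo "no fullchain.pem in $lineage" >&2; return 2; }
    # Subshell: the exported variables do not leak into the calling shell.
    (
        RENEWED_LINEAGE=$lineage
        RENEWED_DOMAINS=$domains
        export RENEWED_LINEAGE RENEWED_DOMAINS
        exec "$hook"
    )
}

# Usage (scratch path is an example):
#   make_scratch_lineage /tmp/hooktest/live
#   run_deploy_hook /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh \
#       /tmp/hooktest/live "mysuperdomain.com *.mysuperdomain.com"
```

If the hook parses the certificate or reloads a service, point LINEAGE at a copy of a real lineage directory instead of the placeholder one.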
