Hi !
I’m scripting a deploy hook and i want to test it but i get a rate limit error
How can i test my deploy hook script ?
Commands:
# nano /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh
# certbot renew --force-renewal
Results:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Attempting to renew cert (mysuperdomain.com) from /etc/letsencrypt/renewal/mysuperdomain.com.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: *.mysuperdomain.com,mysuperdomain.com: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
OK!
I tried to use de staging environment (Staging Environment - Let's Encrypt ) with the dry-run parameter but it skip the deploy hook command :
Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh
Did i forget something ?
Commands:
# certbot renew --force-renewal --dry-run
Results:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Dry run: skipping deploy hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9peppe
April 3, 2020, 8:47am
4
your use case is different than what --dry-run
expects. You should use --test
or --staging
explicitly (and be careful because they can replace your valid cert with an invalid one, specify a different --cert-name
):
OK !
My certificate is not in production soo i deleted the production’s cert :
# cd /etc/letsencrypt
# certbot delete --cert-name mysuperdomain.com
Then i created the staging certificate and force renew it :
# certbot certonly --dns-rfc2136 --dns-rfc2136-credentials .secrets/mysuperdomain.com.tsig -d mysuperdomain.com -d *.mysuperdomain.com –staging
# certbot renew --force-renewal --staging --cert-name mysuperdomain.com
With a successfull result
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mysuperdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator dns-rfc2136, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/mysuperscript.ssh
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/mysuperdomain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Thank for your help !
system
Closed
May 3, 2020, 9:40am
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.