To many requests of a given type

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ieat.nz

I ran this command:certbot renew

It produced this output:Invalid response from http://ieat.nz/.well-known/acme-challenge/I4Ke6dAsLppsudJqYIx81ymoXXKVnCw8mTPrPO7VQnw [219.89.198.22]: 404

My web server is (include version):
Servers sits behind a Huawei HG659B modem
I have 4 servers running:
Servers 1 and 2. Graphics server stunnel 5.56 routes port 443 ssl calls to a port 80 on a elevate web builder server vers 2 for all graphics
Servers 3 and 4. An nginx- 1.16.1 server routes 444 calls to port 81 on a mormot database server

The operating system my web server runs on is (include version):
Windows 7 ultimate Service pack 1 64 bit
domain name services

My domain name service, is:Metaname

I could access the http and https versions of my web page. Prior to attempting the renewel I stopped the nginx and stunnel servers so only the http version of my web page was running.

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 1.5.0

2

Welcome to the Let’s Encrypt Community, Ian :slightly_smiling_face:

Let’s see what we can do for you… :thinking:

3

Can you try the following please:

certbot renew -a nginx --dry-run

4

hi griffen
The response to dry run is

Processing C:\Certbot\renewal\ieat.nz.conf

Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The requested nginx plugin does not appear
to be installed
←[31mAttempting to renew cert (ieat.nz) from C:\Certbot\renewal\ieat.nz.conf pro
duced an unexpected error: The requested nginx plugin does not appear to be inst
alled. Skipping.←[0m
←[31mAll renewal attempts failed. The following certs could not be renewed:←[0m
←[31m C:\Certbot\live\ieat.nz\fullchain.pem (failure)←[0m

** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
C:\Certbot\live\ieat.nz\fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)

←[31m1 renew failure(s), 0 parse failure(s)←[0m

I have stopped the https servers is that correct

5

Interesting…

What webserver is serving port 80?

What says the following?

certbot certificates

6

image

C:\Windows\system32>certbot certificates
Saving debug log to C:\Certbot\log\letsencrypt.log

Found the following certs:
Certificate Name: ieat.nz
Serial Number: 47ab76fd6ea608c58226cc8581900b89809
Domains: ieat.nz
Expiry Date: 2020-09-16 03:42:17+00:00 (INVALID: EXPIRED)
Certificate Path: C:\Certbot\live\ieat.nz\fullchain.pem
Private Key Path: C:\Certbot\live\ieat.nz\privkey.pem

I have set port forwarding on the modem for ports 80, 81, 443, 444 to the server

7

Let’s try this then:

certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

8

certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

9

Oops sorry

Full post
certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run
31m–dry-run currently only works with ‘certonly’ or ‘renew’ sub commands

10

My bad… I’ve even been writing the handbook for this. I need to get the certbot guys to change that…

Anyhow…

certbot certonly --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

11

That looks better ive only posted the last bit

IMPORTANT NOTES:

  • The dry run was successful.
    ←[0m - Your account credentials have been saved in your Certbot
    configuration directory at C:\Certbot. You should make a secure
    backup of this folder now. This configuration directory will also
    contain certificates and private keys obtained by Certbot so making
    regular backups of this folder is ideal.
12

Beautiful. Let’s try it for real.

certbot renew --cert-name ieat.nz -a webroot -w C:\aieserv\

13

Thank you very much i now understand what the webroot sub command does
much appreciated

Congratulations, all renewals succeeded. The following certs have been renewed:
C:\Certbot\live\ieat.nz\fullchain.pem (success)

ill start up the servers and try

14

The assumption we’re going by here is that simply replacing the certificates will update them. Basically, there’s no “install” step (-i).

15

Screenshot_20200916-181936_Samsung Internet
Screenshot_20200916-181936_Samsung Internet1439×2724 467 KB

16

You might want a forward from http to https to prevent unsecure access. Aside from that, you’re golden as far as I can see.

17

Is this a change from the normal operation?
certbot only needs port 80 to obtain/renew any cert (via HTTP authentication).
If you have to "put things back" and port 80 will not be reaching this system, things will not automate - and you will have to do this all over again every time you renew.
If these ports are normally forwarded to this system, then disregard this entire post (thus far) and
I'm glad you got a renewed cert.
Cheers from Miami :beers:

18

All good thanks once again.
This a bit clunky but im self taught
I Normally turn off the 80,81 ports when the HTTPS certificate is working
Ill look into HTTP to HTTPS forwarding

19

Then you only need to add 80 when getting a renewal (also allowing 81 in seems to add nothing to that process).

20

Don't knock it - so was I :slight_smile:
[and in a much more difficult time than these]

Needless-to-say:
~These are the good old days~