To many requests of a given type

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ieat.nz

I ran this command:certbot renew

It produced this output:Invalid response from http://ieat.nz/.well-known/acme-challenge/I4Ke6dAsLppsudJqYIx81ymoXXKVnCw8mTPrPO7VQnw [219.89.198.22]: 404

My web server is (include version):
Servers sits behind a Huawei HG659B modem
I have 4 servers running:
Servers 1 and 2. Graphics server stunnel 5.56 routes port 443 ssl calls to a port 80 on a elevate web builder server vers 2 for all graphics
Servers 3 and 4. An nginx- 1.16.1 server routes 444 calls to port 81 on a mormot database server

The operating system my web server runs on is (include version):
Windows 7 ultimate Service pack 1 64 bit
domain name services

My domain name service, is:Metaname

I could access the http and https versions of my web page. Prior to attempting the renewel I stopped the nginx and stunnel servers so only the http version of my web page was running.

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 1.5.0

Welcome to the Let’s Encrypt Community, Ian :slightly_smiling_face:

Let’s see what we can do for you… :thinking:

Can you try the following please:

certbot renew -a nginx --dry-run

hi griffen
The response to dry run is

Processing C:\Certbot\renewal\ieat.nz.conf


Cert is due for renewal, auto-renewing…
Could not choose appropriate plugin: The requested nginx plugin does not appear
to be installed
←[31mAttempting to renew cert (ieat.nz) from C:\Certbot\renewal\ieat.nz.conf pro
duced an unexpected error: The requested nginx plugin does not appear to be inst
alled. Skipping.←[0m
←[31mAll renewal attempts failed. The following certs could not be renewed:←[0m
←[31m C:\Certbot\live\ieat.nz\fullchain.pem (failure)←[0m


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
C:\Certbot\live\ieat.nz\fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


←[31m1 renew failure(s), 0 parse failure(s)←[0m

I have stopped the https servers is that correct

Interesting…

What webserver is serving port 80?

What says the following?

certbot certificates

image

C:\Windows\system32>certbot certificates
Saving debug log to C:\Certbot\log\letsencrypt.log


Found the following certs:
Certificate Name: ieat.nz
Serial Number: 47ab76fd6ea608c58226cc8581900b89809
Domains: ieat.nz
Expiry Date: 2020-09-16 03:42:17+00:00 (INVALID: EXPIRED)
Certificate Path: C:\Certbot\live\ieat.nz\fullchain.pem
Private Key Path: C:\Certbot\live\ieat.nz\privkey.pem

I have set port forwarding on the modem for ports 80, 81, 443, 444 to the server

Let’s try this then:

certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

1 Like

certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

Oops sorry

Full post
certbot run --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run
31m–dry-run currently only works with ‘certonly’ or ‘renew’ sub commands

My bad… I’ve even been writing the handbook for this. I need to get the certbot guys to change that…

Anyhow…

certbot certonly --cert-name ieat.nz -a webroot -w C:\aieserv\ --dry-run

1 Like

That looks better ive only posted the last bit

IMPORTANT NOTES:

  • The dry run was successful.
    ←[0m - Your account credentials have been saved in your Certbot
    configuration directory at C:\Certbot. You should make a secure
    backup of this folder now. This configuration directory will also
    contain certificates and private keys obtained by Certbot so making
    regular backups of this folder is ideal.

Beautiful. Let’s try it for real.

certbot renew --cert-name ieat.nz -a webroot -w C:\aieserv\

1 Like

Thank you very much i now understand what the webroot sub command does
much appreciated

Congratulations, all renewals succeeded. The following certs have been renewed:
C:\Certbot\live\ieat.nz\fullchain.pem (success)


ill start up the servers and try

1 Like

The assumption we’re going by here is that simply replacing the certificates will update them. Basically, there’s no “install” step (-i).

You might want a forward from http to https to prevent unsecure access. Aside from that, you’re golden as far as I can see.

Is this a change from the normal operation?
certbot only needs port 80 to obtain/renew any cert (via HTTP authentication).
If you have to “put things back” and port 80 will not be reaching this system, things will not automate - and you will have to do this all over again every time you renew.
If these ports are normally forwarded to this system, then disregard this entire post (thus far) and
I’m glad you got a renewed cert.
Cheers from Miami :beers:

1 Like

All good thanks once again.
This a bit clunky but im self taught
I Normally turn off the 80,81 ports when the HTTPS certificate is working
Ill look into HTTP to HTTPS forwarding

2 Likes

Then you only need to add 80 when getting a renewal (also allowing 81 in seems to add nothing to that process).

1 Like

Don’t knock it - so was I :slight_smile:
[and in a much more difficult time than these]

Needless-to-say:
~These are the good old days~

1 Like