im using SOPHOS UTM intergrated Let’s Encrypt module to get certificates. Due to an DNS resolution problem on my applicance, i got the following error message:
2019:11:07-01:34:13 utmcluster-1 letsencrypt[23144]: E Renew certificate: COMMAND_FAILED: “type”: “urn:acme:error:rateLimited”,
2019:11:07-01:34:13 utmcluster-1 letsencrypt[23144]: E Renew certificate: COMMAND_FAILED: “status”: 429
UTM will try every single night to renew the certificate.
My certificate will be invalid in 29 days. Can i check for my domain, when the rate limit counter will be reseted? i want to avoid, that my site will stop working in 29 days.
I the logs i can see, that the public and private key should be under /var/storage/chroot-reverseproxy/var/lib/dehydrated/cert_data/certs but i cannot find any keys for the domain
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I ran this command:
running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain www.corpus-sireo.com --domain corpus-sireo.com
It produced this output:
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: I Renew certificate: command completed with exit code 256
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: E Renew certificate: COMMAND_FAILED: ERROR: Problem connecting to server (get for http://cert.int-x3.letsencrypt.org/; curl returned with 6)
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: E Renew certificate: COMMAND_FAILED: ERROR: Walking chain has failed, your certificate has been created and can be found at /var/storage/chroot-reverseproxy/var/lib/dehydrated/cert_data/certs/www.corpus-sireo.com/cert-1573008853.pem, the corresponding private key at privkey.pem. If you want you can manually continue on creating and linking all necessary files. If this error occurs again you should manually generate the certificate chain and place it under /var/storage/chroot-reverseproxy/var/lib/dehydrated/cert_data/chains/4f06f81d.chain (see http://cert.int-x3.letsencrypt.org/)
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: I Renew certificate: sending notification WARN-603
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: [WARN-603] Let’s Encrypt certificate renewal failed accessing Let’s Encrypt service
2019:11:06-03:54:37 utmcluster-2 letsencrypt[18761]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
My web server is (include version):
N/A, cert is stored on fw appliance
The operating system my web server runs on is (include version):
N/A, cert is stored on fw appliance
My hosting provider, if applicable, is:
Na
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Sophos UTM 9.6
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
N/A
So if /var/storage/chroot-reverseproxy/var/lib/dehydrated/cert_data/certs/www.corpus-sireo.com/cert-1573008853.pem doesn't exist, your installation looks corrupt.
Certificate creation has worked. So it's only an installation problem. But if you have deleted these certificates, you may have to wait. Read
