Too many requests of a given type :: Error creating new order ::

keep this, remove the other. (this is installed by the certbot package, I think. Also check systemctl list-timers --all and see if the certbot one is enabled)


wow, it looks so flashy :smiley:

1 Like

but then, this should not work. maybe you have certbot and certbot-auto, but certbot-auto is only in path for root.

1 Like

Right!? But I’m just covering the fact that I lack so much skills by putting so much decorations.

So when you say remove the other. is there a command to take it off? Or just delete the
/etc/cron.d/letsencrypt
file?

systemctl list-timers --all
Doesn’t show the letsencrypt file, but I do still get an email of that command running.

NEXT                         LEFT          LAST                         PASSED     UNIT                         ACTIVATES
Wed 2020-04-01 18:39:00 JST  14min left    Wed 2020-04-01 18:09:06 JST  15min ago  phpsessionclean.timer        phpsessionclean.service
Wed 2020-04-01 22:24:38 JST  3h 59min left Tue 2020-03-31 22:24:38 JST  20h ago    systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Wed 2020-04-01 23:30:57 JST  5h 6min left  Wed 2020-04-01 02:10:49 JST  16h ago    motd-news.timer              motd-news.service
Thu 2020-04-02 02:24:35 JST  7h left       Wed 2020-04-01 12:01:58 JST  6h ago     apt-daily.timer              apt-daily.service
Thu 2020-04-02 06:32:28 JST  12h left      Wed 2020-04-01 06:54:11 JST  11h ago    apt-daily-upgrade.timer      apt-daily-upgrade.service
Thu 2020-04-02 08:08:04 JST  13h left      Wed 2020-04-01 17:28:45 JST  56min ago  certbot.timer                certbot.service
Mon 2020-04-06 00:00:00 JST  4 days left   Mon 2020-03-30 00:00:02 JST  2 days ago fstrim.timer                 fstrim.service
n/a                          n/a           n/a                          n/a        snapd.snap-repair.timer     
n/a                          n/a           n/a                          n/a        ureadahead-stop.timer        ureadahead-stop.service

9 timers listed.

there’s a certbot one, it’s running.

should be fine.

you should check if you have something in /opt

2 Likes

inside /opt/
there is

/opt                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
├── certbot-auto                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
└── eff.org                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
    └── certbot                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
        └── venv                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
            ├── bin                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
            │   ├── activate                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
            │   ├── activate.csh                                                                                                                                                                                                                                                                                                                                                                                                                                                              
            │   ├── activate.fish      
            ...

This is usually the moment when I start deleting stuff and then mess up everything even worst.

backup, before.

or move instead of delete.

1 Like

:sweat_smile:
Ubuntu can backup?
So, who should I kill? Or delete?

man tar :wink:

tar -cf ~/filename.tar /directory/to/backup

1 Like

Ok so do that tar backup and then

delete:

/etc/cron.d/letsencrypt

and also delete

/opt/certbot-auto

?

you can delete the entire /opt directory, if the only contents are certbot-auto and eff.org (whose contents are certbot only)

but before you might want to run certbot renew --dry-run to see if your non-auto certbot works.

1 Like

Well that was a lot of red: :dizzy_face:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (mail.ryuuzaki.jp) from /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Cleaning up challenges
Attempting to renew cert (ryuuzaki.jp) from /etc/letsencrypt/renewal/ryuuzaki.jp.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
  /etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (failure)
  /etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)

this is another issue. you should probably use another authenticator, --webroot or whatever is proper for your http server (--apache or --nginx, but these also install certificates).

don’t forget --dry-run, you are dancing on rate limits.

2 Likes

I have no idea what was all that, but somehow I added --apache and no more red:

sudo certbot renew --apache --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.ryuuzaki.jp
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ryuuzaki.jp
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
  /etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

so now I delete

/opt

and

/etc/cron.d/letsencrypt

?

yep, but make sure that the config files in /etc/letsencrypt/renewal know to use apache instead of standalone

1 Like

so change

authenticator = standalone

for

authenticator = apache

inside both configuration files?

I think so, yes. It should work. Then check with certbot renew --dry-run to see if it pulls the config from those files.

1 Like

It seems like it did like it this time, no red:

sudo certbot renew --dry-run                            
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/mail.ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/ryuuzaki.jp.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Attempting to parse the version 0.35.1 renewal configuration file found at /etc/letsencrypt/renewal/ryuuzaki.jp.conf with version 0.31.0 of Certbot. This might not work.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer None
Renewing an existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mail.ryuuzaki.jp/fullchain.pem (success)
  /etc/letsencrypt/live/ryuuzaki.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

now kill the file and folder?

Yes, but always backup. :smiley:

1 Like

Ok I thought I back-up but I didn’t and killed the 2 files and folder.

After that run the --dry-run thingy without --apache and still no errors.

Is there a way to check that the certbot will run automatically in the future?

The systemctl list-timers command should tell you when the next run is.

And systemctl status certbot should tell you something more on the last run

1 Like