Trying to renew certs please help

Rodney6919 · May 11, 2020, 8:33am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rcsoftware.ddns.me, geocaching.ddns.net

I ran this command:

It produced this output: (AcmeProtocolException): Error creating new order :: too many certificates already issued for exact set of domains: geocaching.ddns.net,rcsoftware.ddns.me: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): Apache

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I’m using A Simple Windows ACMEv2 client (WACS) Version 2.1.5.742

I have been running this for many years now without problem but I have another domain that I wish to remove as it no longer exists but now I can’t get these two to work.
Do I just have to wait longer before I try again?

Regards
Rodney

JuergenAuer · May 11, 2020, 8:35am

Hi @Rodney6919

you have 5 identical certificates. So use one of these.

Rodney6919 · May 11, 2020, 8:41am

That was very fast reply.

I’m not sure how to use them, I run the tool and I get PEM;s back but the last renew failed because of the missing name so now I’m trying to set it back up with out the third name but it’s failing and I’m not getting the PEM files.

I need the PEM files to copy them into the apache certificate folder, my current certs expire 10 June 2020.

mnordhoff · May 11, 2020, 8:44am

The certificate was successfully renewed five times yesterday.

Edit: To correct myself, 5 certificates with the two names were successfully issued yesterday.

Rodney6919 · May 11, 2020, 9:09am

But I didn’t get any PEM’s back so I don’t know how to run the tool to create the PEM’s now.

rg305 · May 11, 2020, 9:21am

Try checking within the Windows certificate store.
c:\windows\system32\certmgr.msc
or
MMC
add snap-in (ctrl-m)
certificates
local computer

Rodney6919 · May 11, 2020, 9:43am

So the one’s I have in Windows certificate store are the one I’m currently using that expire 10 June 2020.

rg305 · May 11, 2020, 9:56am

I don’t know that it may make much of a difference, but there is a newer client version 2.1.7 available.

There is a very well documented website specifically just for that software:
https://www.win-acme.com/

I found this there:

Rodney6919 · May 11, 2020, 10:35am

OK so I tried the newer version and got a new option that I have tried in test mode and it validated everything OK but I got the following failure ‘Keyset does not exist’:

Authorize identifier geocaching.ddns.net
Authorizing geocaching.ddns.net using http-01 validation (FileSystem)
Answer should now be browsable at http://geocaching.ddns.net/.well-known/acme-challenge/2OPTNG2MWwW1VaKFMf9FdmEdQ1XnmvO6OvDxlW2cTFo

[–test] Try in default browser? (y/n*) -

Preliminary validation looks good, but the ACME server will be more thorough
Authorization result: valid
Authorize identifier rcsoftware.ddns.me
Authorizing rcsoftware.ddns.me using http-01 validation (FileSystem)
Answer should now be browsable at http://rcsoftware.ddns.me/.well-known/acme-challenge/r3BR7dYMffR6HT0mthh64KffjoRpSWfbhohtrAhDlbM

[–test] Try in default browser? (y/n*) -

Preliminary validation looks good, but the ACME server will be more thorough
Authorization result: valid
Requesting certificate [Manual] rcsoftware.ddns.me
(WindowsCryptographicException): Keyset does not exist

Anyone know what this is?

rg305 · May 11, 2020, 10:39am

I sure don't.
Try also asking on/through the software site.

That software wasn't written by, and isn't maintained by, LE.

Searching through this site, this is the only topic with "Keyset does not exist".

Rodney6919 · May 11, 2020, 11:52am

I think I’ve worked out some things I can run the tool and get the chain and crt but I can’t get the key PEM file and the new renewal date is 2020/7/5 20:30:51.

So my problem now is that I don’t have the key.pem file and no way to create it until 2020/7/5 20:30:51.
This leaves me 25 days without certs on my system.

rg305 · May 11, 2020, 11:55am

Try searching through:
%ProgramData%\win-acme\

Rodney6919 · May 11, 2020, 11:29pm

Yes, I know were the file should be and I think the new files may have been created but I don’t have them now.

Is there a way to recreate these files?

schoen · May 12, 2020, 12:30am

If the private key was deleted, then no—the point of a private key is that it exists only in one place and can’t be guessed or derived from other information¹. Possessing the corresponding private key is what ultimately proves that you’re entitled to use a particular certificate, and so the private key itself is not derivable from any other information.

¹ in a physically realistic amount of time with physically realistic resources

system · June 11, 2020, 12:30am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.