Trying to renew certs please help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rcsoftware.ddns.me, geocaching.ddns.net

I ran this command:

It produced this output: (AcmeProtocolException): Error creating new order :: too many certificates already issued for exact set of domains: geocaching.ddns.net,rcsoftware.ddns.me: see https://letsencrypt.org/docs/rate-limits/

My web server is (include version): Apache

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I’m using A Simple Windows ACMEv2 client (WACS) Version 2.1.5.742

I have been running this for many years now without problem but I have another domain that I wish to remove as it no longer exists but now I can’t get these two to work.
Do I just have to wait longer before I try again?

Regards
Rodney

Hi @Rodney6919

you have 5 identical certificates. So use one of these.

That was very fast reply.

I’m not sure how to use them, I run the tool and I get PEM;s back but the last renew failed because of the missing name so now I’m trying to set it back up with out the third name but it’s failing and I’m not getting the PEM files.

I need the PEM files to copy them into the apache certificate folder, my current certs expire 10 June 2020.

The certificate was successfully renewed five times yesterday.

Edit: To correct myself, 5 certificates with the two names were successfully issued yesterday.

But I didn’t get any PEM’s back so I don’t know how to run the tool to create the PEM’s now.

Try checking within the Windows certificate store.
c:\windows\system32\certmgr.msc
or
MMC
add snap-in (ctrl-m)
certificates
local computer

So the one’s I have in Windows certificate store are the one I’m currently using that expire 10 June 2020.

I don’t know that it may make much of a difference, but there is a newer client version 2.1.7 available.

There is a very well documented website specifically just for that software:
https://www.win-acme.com/

I found this there:

OK so I tried the newer version and got a new option that I have tried in test mode and it validated everything OK but I got the following failure ‘Keyset does not exist’:

Authorize identifier geocaching.ddns.net
Authorizing geocaching.ddns.net using http-01 validation (FileSystem)
Answer should now be browsable at http://geocaching.ddns.net/.well-known/acme-challenge/2OPTNG2MWwW1VaKFMf9FdmEdQ1XnmvO6OvDxlW2cTFo

[–test] Try in default browser? (y/n*) -

Preliminary validation looks good, but the ACME server will be more thorough
Authorization result: valid
Authorize identifier rcsoftware.ddns.me
Authorizing rcsoftware.ddns.me using http-01 validation (FileSystem)
Answer should now be browsable at http://rcsoftware.ddns.me/.well-known/acme-challenge/r3BR7dYMffR6HT0mthh64KffjoRpSWfbhohtrAhDlbM

[–test] Try in default browser? (y/n*) -

Preliminary validation looks good, but the ACME server will be more thorough
Authorization result: valid
Requesting certificate [Manual] rcsoftware.ddns.me
(WindowsCryptographicException): Keyset does not exist

Anyone know what this is?

I sure don’t.
Try also asking on/through the software site.
https://www.win-acme.com/support/
That software wasn’t written by, and isn’t maintained by, LE.

Searching through this site, this is the only topic with “Keyset does not exist”.

I think I’ve worked out some things I can run the tool and get the chain and crt but I can’t get the key PEM file and the new renewal date is 2020/7/5 20:30:51.

So my problem now is that I don’t have the key.pem file and no way to create it until 2020/7/5 20:30:51.
This leaves me 25 days without certs on my system.

Try searching through:
%ProgramData%\win-acme\

Yes, I know were the file should be and I think the new files may have been created but I don’t have them now.

Is there a way to recreate these files?

If the private key was deleted, then no—the point of a private key is that it exists only in one place and can’t be guessed or derived from other information¹. Possessing the corresponding private key is what ultimately proves that you’re entitled to use a particular certificate, and so the private key itself is not derivable from any other information.

¹ in a physically realistic amount of time with physically realistic resources

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.