J’ai exécuté cette commande :certbot --nginx -d marr.ghilo.netlib.re -d srx.ghilo.netlib.re
Elle a produit cette sortie : An unexpected error occurred:
AttributeError: can't set attribute
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Mon serveur Web est (inclure la version) :
Le système d’exploitation sur lequel mon serveur Web s’exécute est (version incluse) :
ubunto
Je peux me connecter à un shell root sur ma machine : oui
There has been a bug introduced somewhere in Certbot where errors from the ACME server caused this other attribute error, thus hiding the actual ACME servers error message. This bug was fixed in Certbot 2.3.0. Please update your Certbot and try again. It probably shows the ACME server error and we can work from that.
i have this error in my journal Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for "netlib.re". Retry after 2024-06-02T10:00:00Z: see https://letsencrypt.org/docs/rate-limits/*
>nmap -6 -Pn -p80,443 ghilo.netlib.re
Starting Nmap 7.94 ( https://nmap.org ) at 2024-06-01 22:13 UTC
Nmap scan report for ghilo.netlib.re (2001:910:1410:523:0:fada:9123:44f1)
Host is up (0.13s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
Using curl check http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>
and redirects.
I'm not sure how that would be possible. netlib.re is not present in the Public Suffix List (but it should be, as it looks like anyone can register a subdomain under netlib.re...). Maybe a rate limit exemption? How did you count this?
I believe Let's Debug uses crt.sh and often their search results are not correct for domains with a lot of certificates issued.. Earlier when I tried crt.sh was down, sooo
The tricky part of counting against the 50/week limit is this
Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit,
from the Rate Limits docs. I spot checked a couple recently issued for that registered domain and they were renewals. This difficulty counting is probably the reason Let's Debug warns about being inaccurate.
The best option is just to wait until the date/time given in the message and try again. Also contact the registered domain owner and get on the PSL or request a Rate Limit increase from Let's Encrypt to avoid problem in future.
Another option is to get your own domain name. Or, try using a different (free) ACME Certificate Authority ACME CA Comparison - Posh-ACME
Oh, I read it wrong and I thought that warning was just for the "issuable again on" timestamp. But reading it a second time, I guess the entire calculation is less accurate.
I think Mike uses a different source often, but that source deactivated free API access I believe.. I couln't log into my account anyway..
This is a good idea to do regardless, as currently all users can effectively set a supercookie for netlib.re.
@ghiles-19 both @MikeMcQ and @Osiris give great advice.
Just be aware both of those suggestions processes take time (often significant amount of time), so please set your expiations accordingly.
