Unable to update certbot for 2 of 3 servers


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pusher.pynlab.com

I ran this command: certbot --nginx -d pusher.pynlab.com --preferred-challenges http

It produced this output:You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/pusher.pynlab.com.conf)
Deploying Certificate to VirtualHost /etc/nginx/conf.d/pusher.conf
nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32
Rolling back to previous server configuration…

My web server is (include version): nginx version: nginx/1.12.2

The operating system my web server runs on is (include version): CentOS Linux 7 (Core)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.29.1


#2

Hi @chrisatta

I see, you have already checked your domain via https://check-your-website.server-daten.de/?q=pusher.pynlab.com

There is a new certificate, created yesterday:

CN=pusher.pynlab.com
	12.02.2019
	13.05.2019
expires in 89 days	pusher.pynlab.com - 1 entry

So use this certificate 60 - 85 days, then create a new.

You have created a lot of certificates in the last days. So you may hit the limit.

https://crt.sh/?q=pusher.pynlab.com

To fix that

read

http://nginx.org/en/docs/http/server_names.html

and update your config:

http {
    server_names_hash_bucket_size  64;
...

#3

we have two other servers pointing to pusher.pynlab.com. Can I copy the new certificates on these machines?


#4

Yes. You can use the same certificate with different servers.