What to do in case of the error "too many failed authorizations recently"

The Apache docs would be a good place to consult for this question.

4 Likes

Here details on Apache can be found in documentation and forums:

3 Likes

root@sk1:/home/bitrix/script# certbot certonly --manual
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): bx.btasia.ru
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/bx.btasia.ru.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for bx.btasia.ru


Create a file containing just this data:

tUk2RlP7nfDKG-PwuKBodHX-36FyBWG_WYBje6dKFvI.AIObjWsm3aUJqY-W_X_qCnESOQVtJmr9I1hZIGbVGxU

And make it available on your web server at this URL:

http://bx.btasia.ru/.well-known/acme-challenge/tUk2RlP7nfDKG-PwuKBodHX-36FyBWG_WYBje6dKFvI


Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/bx.btasia.ru/fullchain.pem
Key is saved at: /etc/letsencrypt/live/bx.btasia.ru/privkey.pem
This certificate expires on 2024-11-03.
These files will be updated when the certificate renews.

image
I was able to create certificates and run express server on them, without redirecting to apache, but I still get a message that the site is not secure. Is it because the domain is not working now?

Let’s Encrypt offers Domain Validation (DV) certificates; and NOT Certificates for IP Addresses presently.

2 Likes

Got it, then when I set up redirection in apache, everything should work?

There are many ways to "set up redirection in apache", I can say that they are not all equal.
If you are going to redirect to an IP, it will not match the [FQDN] name on the cert.

As for "everything should work"...
It is difficult to clearly understand what all you are even asking about that should then be working.
It is, however, clear to me that the renewals have not been setup to be automated; So, that part is definitely not as I would like it to be working.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.