• @phenomlab

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Renewing an existing certificate
    An unexpected error occurred:
    There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    Please see the logfiles in /var/log/letsencrypt for more details.

    so i need to wait hour? month? 🐶


  • @justoverclock Yep, that’s the rate-limit message. Try again in an hour.


  • @phenomlab after one hour or more:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    dns-01 challenge for justoverclock.it
    dns-01 challenge for justoverclock.it
    Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
    Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
    Waiting for verification...
    Challenge failed for domain justoverclock.it
    Challenge failed for domain justoverclock.it
    dns-01 challenge for justoverclock.it
    dns-01 challenge for justoverclock.it
    Cleaning up challenges
    Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
    Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
    Some challenges have failed.
    IMPORTANT NOTES:
     - The following errors were reported by the server:
    
       Domain: justoverclock.it
       Type:   dns
       Detail: DNS problem: NXDOMAIN looking up TXT for
       _acme-challenge.justoverclock.it - check that a DNS record exists
       for this domain
    
       Domain: justoverclock.it
       Type:   dns
       Detail: DNS problem: NXDOMAIN looking up TXT for
       _acme-challenge.justoverclock.it - check that a DNS record exists
       for this domain
    

  • @justoverclock Seems your _acme-challenge DNS record is missing ?

    f0b3710d-40fa-4480-a520-1abc88385f2d-image.png


  • @phenomlab didn’t touch anything from your last visit 👀


  • @justoverclock Very odd. Let me have a look at another way


  • @justoverclock I have installed the --nginx version of certbot on your server as per
    https://sudonix.com/post/689

    It’s showing that the renewal will work, but the rate-limit is currently still enforced, so we still need to wait.

    Performing the following challenges:
    http-01 challenge for justoverclock.it
    http-01 challenge for www.justoverclock.it
    Waiting for verification...
    Cleaning up challenges
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    new certificate deployed with reload of nginx server; fullchain is
    /etc/letsencrypt/live/justoverclock.it/fullchain.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    **          (The test certificates below have not been saved.)
    
    Congratulations, all renewals succeeded. The following certs have been renewed:
      /etc/letsencrypt/live/admin.justoverclock.it/fullchain.pem (success)
      /etc/letsencrypt/live/forum.justoverclock.it/fullchain.pem (success)
      /etc/letsencrypt/live/justoverclock.it/fullchain.pem (success)
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    **          (The test certificates above have not been saved.)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    IMPORTANT NOTES:
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
    [email protected]:/home/justoverclock#
    

  • @justoverclock should be resolved now

    fdf08e7a-6c62-429b-815c-a01844528dd6-image.png

    1f1f523e-a0e8-4e29-8e3c-23e26589e5cd-image.png

    As a side note, this renewal won’t show in Virtualmin unless it is requested from there. This is done from the command line, so

    1. SSH into the server
    2. Change to root
    3. Execute certbot --nginx and follow the prompts
  • Topic has been marked as solved  phenomlab phenomlab 

  • @phenomlab so this is the command that i need to use everytime my certificate expire? thank you, precious as always


  • @justoverclock Not necessarily. You only need to use this if it fails from the Virtualmin window


If this topic and the associated threads resolved an issue for you, or was useful, why not buy me a coffee? It's a nice gesture, and there's other ways to donate if you wish 💗

Discover More

  • 10
  • 65
  • 2
  • 20
  • 4
  • 5
  • 13
  • 5