Let's Encrypt not working with one website (but is okay with the others!)

Discussion in 'Installation/Configuration' started by Joueur Citoyen, Mar 25, 2018.

  1. Joueur Citoyen

    Joueur Citoyen New Member

    Hello and thanks for the good work.
    I've got a critical problem with one of my websites. I've installed multiple websites on one server with ISP Config 3 and everything went smoothly. But for one particular domain, I can't get Let's Encrypt to work.
    http travesti.fr — it works.
    https travesti.fr — I'm redirect to any site but I desactivated all of them so now I'm redirect to Debian Apache Default Page.
    Whenever I click "Let's Encrypt", the checkbox stayed unchecked.
    I erased everything and all and tried to reinstall but it is the same :(
    Do you have a clue about this one?
     
  2. ahrasis

    ahrasis Active Member

    Actually, nobody has the clue except you and normally, you have to check your LE logs for it.

    I would check the vhost and the bind folder of travesti.fr for any error file and via "ls -lt /etc/letsencrypt/*/*travesti.fr*" to see what is the result especially in the renewal folder.

    By the way, when you said you erased everything, what did you actually mean?
     
  3. Joueur Citoyen

    Joueur Citoyen New Member

    Hello ahrasis, thanks for your reply.
    What I meant by "erasing everything" is: I erased the website from the Websites section.
    I'm sorry but how can I check the bind folder as well as the vhosts?
    As for "ls -lt /etc/letsencrypt/*/*travesti.fr*", I get this reply:
    Code:
    -rw-r--r-- 1 root root 705 mars  23 17:04 /etc/letsencrypt/renewal/travesti.fr.conf~backup
    -rw-r--r-- 1 root root 665 mars   8 03:02 /etc/letsencrypt/renewal/wordpress.travesti.fr.conf
    -rw-r--r-- 1 root root 745 janv.  3 01:15 /etc/letsencrypt/renewal/reset.travesti.fr.conf~backup
    Thanks for your reply. Maybe I broke LE and I should reinstall my server?
     
  4. ahrasis

    ahrasis Active Member

    Apache vhost: ls -lt /etc/apache/sites-e*/*travesti.fr*
    Nginx vhost: ls -lt /etc/nginx/sites-e*/*travesti.fr*
    Bind: ls -lt /etc/bind/*travesti.fr*

    I would prefer learning on how to find the cause rather than reinstall my server.

    That said, you can try deleting the problematic site LE folder ("rm -rf /etc/letsencrypt/renewal/travesti.fr* /etc/letsencrypt/archive/travesti.fr* /etc/letsencrypt/live/travesti.fr*"), create the site again (since you have erased/deleted it) and once you can access the site, try enabling LE again:
     
  5. Joueur Citoyen

    Joueur Citoyen New Member

    You are 100%, I should try to understand where the problem is.
    I dit delete the LE files you told me too but I still cannot enable LE.
    So, I ran the files you mentionned:
    ls -lt /etc/apache2/sites-e*/*travesti.fr*
    Code:
    lrwxrwxrwx 1 root root 46 mars  25 07:02 /etc/apache2/sites-enabled/100-travesti.fr.vhost -> /etc/apache2/sites-available/travesti.fr.vhost
    lrwxrwxrwx 1 root root 56 mars  25 06:53 /etc/apache2/sites-enabled/100-wordpress.travesti.fr.vhost -> /etc/apache2/sites-available/wordpress.travesti.fr.vhost
    ls -lt /etc/nginx/sites-e*/*travesti.fr*
    Code:
    Cannot find it, I think nginx is not installed?
    ls -lt /etc/bind/*travesti.fr*
    Code:
    I can't find what we're looking for, only avaible files and folders are as follow: bind.keys  db.0  db.127  db.255  db.empty  db.local  db.root  named.conf  named.conf.default-zones  named.conf.local  named.conf.options  rndc.key  slave  zones.rfc1918
    Does something seem suspicious?
    When I check Let's Encrypt again, it is as if he cannot create it the files anymore. Something may prevent ISPConfig from doing so maybe?
     
    Last edited: Mar 25, 2018
  6. ahrasis

    ahrasis Active Member

    Sorry, you should check Apache vhost: ls -lt /etc/apache/sites-a*/*travesti.fr* to look if one of its vhost file ended with .err.

    It seems that you are running a dns server since your /etc/bind doesn't show any bind files.

    About letsencrypt, did you check its logs? They should be inside /var/log/letsencrypt folder.
     
  7. Joueur Citoyen

    Joueur Citoyen New Member

    Hi again — none of the file ends with .err.
    As far as error logs are concerned, there are manyfiles (.log, .log.1, .log.10...) but I opened letsencrypt.log.
    I've uploaded it: https: joueurcitoyen.fr/letsencrypt.log
    But I don't really understand it... But the bottom part says:
    Code:
    "type": "urn:acme:error:rateLimited",
    "detail": "Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/",
    "status": 429
    }
    2018-03-25 12:49:07,234:DEBUG:acme.client:Storing nonce: s_rAsRvgGlobKLl8GOzEdbtVvl1tTfI2tWcXdvbVtPQ
    2018-03-25 12:49:07,234:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 336, in obtain_certificate
    domains, csr, authzr=authzr)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 278, in obtain_certificate_from_csr
    authzr)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 314, in request_issuance
    headers={'Accept': content_type})
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 709, in post
    return self._post_once(*args, **kwargs)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 722, in _post_once
    return self._check_response(response, content_type=content_type)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 583, in _check_response
    raise messages.Error.from_json(jobj)
    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
    2018-03-25 12:49:07,236:ERROR:certbot.log:An unexpected error occurred:
    2018-03-25 12:49:07,236:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
    Do you think this is the problem?
     
  8. ahrasis

    ahrasis Active Member

    Yes. You have to stop requesting for LE SSL certs for that domain for a while. Wait a week or so before requesting a new one for it.

    Do read further here as suggested by it: https://letsencrypt.org/docs/rate-limits/
     

Share This Page