letsencrypt problems

Discussion in 'Installation/Configuration' started by Walterpet, Sep 13, 2020.

Tags:
  1. Walterpet

    Walterpet New Member

    Dear Sir,

    On ISP Config i have 15 domains, one of these puntociclismo.it does not want to know how to renew letsencrypt and when I try it gives me the following error:
    WARNING - /usr/bin/letsencrypt ...
    10.09.2020-15:14 - WARNING - Let's Encrypt SSL Cert for: puntociclismo.it could not be issued.
    10.09.2020-15:14 - WARNING - /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server
    https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email [email protected] --domains puntociclismo.it
    --domains www.puntociclismo.it --webroot-path /usr/local/ispconfig/interface/acme
    How Can I solve?
    Thank you in advance,
    Walter
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. Walterpet

    Walterpet New Member

    Dear Taleman, thank you for your reply.

    I have the domain parked on aruba.it and the website managed with ISP Config on a non-aruba dedicated server
    How should I behave to resolve?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Untick the Let's Encrypt box in ISPConfig panel for that website.
    When you no longer park that domain and want to use it again, put that tick back in the Let's Encrypt box.
     
  5. Walterpet

    Walterpet New Member

    the domain will always remain on aruba.it and the website managed with ISP Config on a non-aruba dedicated server
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You can only get LE certs for domains that point to your server in DNS. If that domain points to a different server, then you can't get a LE cert for it. Besides that, the let's encrypt error FAQ contains detailed instruction on how to debug all kind of LE errors, just follow it step by step and in your case, look at the letsencrypt.log to find out why they reject to issue the cert. But if the domain doe snot point to your server, then it should be clear why they refused to issue it.
     
  7. Walterpet

    Walterpet New Member

    the domain points to the ip where ISPConfig is
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Fine, then you can find the reason why LE refused to issue a cert in your issue in the letsencrypt.log file.
     
  9. Walterpet

    Walterpet New Member

    where can i find this file?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  11. Walterpet

    Walterpet New Member

    2020-09-14 15:45:05,712:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
    File "/usr/bin/letsencrypt", line 11, in <module>
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
    File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
    File "/usr/lib/python3/dist-packages/certbot/main.py", line 1254, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
    File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
    File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
    File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
    File "/usr/lib/python3/dist-packages/certbot/client.py", line 366, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 889, in new_order
    return self.client.new_order(csr_pem)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 672, in new_order
    response = self._post(self.directory['newOrder'], order)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 96, in _post
    return self.net.post(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 1204, in post
    return self._post_once(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 1218, in _post_once
    response = self._check_response(response, content_type=content_type)
    File "/usr/lib/python3/dist-packages/acme/client.py", line 1073, in _check_response
    raise messages.Error.from_json(jobj)
    acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    2020-09-14 15:45:05,713:ERROR:certbot.log:An unexpected error occurred:
    2020-09-14 15:45:05,713:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Click on the links in the error message, they explain why LE did not issue the cert.
     
  13. Walterpet

    Walterpet New Member

    Thanks for your time but I can't resolve.
    I give up
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    All you have to do is to wait a bit. You tried to get LE certs too frequently and hit their error limit, that's all.
     
    ahrasis likes this.
  15. Walterpet

    Walterpet New Member

    I waited for the right amount of time, deleted the certificate and after days I created it again. The certificate check is ok but the connection to the site is not secure, in fact I have lost all my visitors.
    I am very disappointed with ISP config and your advice which remains approximate only to induce me to make a payment to solve a small problem due to your service.
    On top of that, I only got the php 7.2 version installed when version 7.3 and 7.4 was ready. all because you ask for paid assistance.
    Since I have been using ISP Config, google Adsense also complains. Bah.
    Are you satisfied with letting your customer fall into the abyss just for trusting you?
     
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Let's Encrypt service is not provided by ISPConfig or Howtoforge.
    Seems you got
    Only waiting until the rate limit expires helps with that.
    That is another problem, but looks like you did not ask for help with that.
    Maybe the problem started when you parked a domain but still continued to use it, and thus could not get LE certificate.
     
    ahrasis likes this.
  17. Walterpet

    Walterpet New Member

    ma la mia domanda è sempre stata semplice: come risolvo questo problema?
     
  18. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    Sadly I am not sure what you're saying.

    ISPConfig is free to use and nobody is obliged to help you. But here are several users on this forum that are kind enough to do so, why don't you start with being respectful to them?

    I will try to help you though. Is the LE checkbox checked?
    Have you gone through the earlier posted FAQ: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
     
  19. Walterpet

    Walterpet New Member

    Dear Thom,

    I am always very respectful.
    ISP config is free but I chose to have it configured by you and paid the requested amount.
    Isp config was configured with only version 7.2, I asked for the other versions to be installed in order to choose based on the type of website, I was told that it can be done and nothing more.
    I also had configuration problems with other sites' certificates. Long story short, I paid for the setup which was made in my opinion incomplete and then I was left to the wind.
    I did not turn to you who give a free consultancy service but to those who asked me for money to configure isp config and then abandoned me without answering me anymore.
    What do you think about it?
     
  20. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    I guess you had it set up by @florian030 from Schaal-IT, who offers ISPConfig support to individuals and businesses. ispconfig.org refers to hem, but Schaal-IT is a external company and the maintainers of ISPConfig are not a part of Schaal-IT.

    I can't say what went wrong here because as said, we are not a part of Schaal-IT (and I'm not even sure if you had it set up by him or a different company).

    So if you have any complaints, please direct them at the company that set up your system(s), and not other members of the ISPConfig team/community.
     
    ahrasis likes this.

Share This Page