Let's Encrypt not working with one website (but is okay with the others!)

Discussion in 'Installation/Configuration' started by Joueur Citoyen, Mar 25, 2018.

  1. Joueur Citoyen

    Joueur Citoyen New Member

    Hello and thanks for the good work.
    I've got a critical problem with one of my websites. I've installed multiple websites on one server with ISPConfig 3 and everything went smoothly. But for one particular domain, I can't get Let's Encrypt to work.
    http travesti.fr — it works.
    https travesti.fr — I'm redirected to any site, but I deactivated all of them, so now I'm redirected to the Debian Apache Default Page.
    Whenever I click "Let's Encrypt", the checkbox stays unchecked.
    I erased everything and all and tried to reinstall but it is the same :(
    Do you have a clue about this one?
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Actually, nobody has a clue except you, and normally you have to check your LE logs for it.

    I would check the vhost and the bind folder of travesti.fr for any error file, and run "ls -lt /etc/letsencrypt/*/*travesti.fr*" to see what the result is, especially in the renewal folder.

    By the way, when you said you erased everything, what did you actually mean?
     
  3. Joueur Citoyen

    Joueur Citoyen New Member

    Hello ahrasis, thanks for your reply.
    What I meant by "erasing everything" is: I erased the website from the Websites section.
    I'm sorry but how can I check the bind folder as well as the vhosts?
    As for "ls -lt /etc/letsencrypt/*/*travesti.fr*", I get this reply:
    Code:
    -rw-r--r-- 1 root root 705 mars  23 17:04 /etc/letsencrypt/renewal/travesti.fr.conf~backup
    -rw-r--r-- 1 root root 665 mars   8 03:02 /etc/letsencrypt/renewal/wordpress.travesti.fr.conf
    -rw-r--r-- 1 root root 745 janv.  3 01:15 /etc/letsencrypt/renewal/reset.travesti.fr.conf~backup
    Thanks for your reply. Maybe I broke LE and I should reinstall my server?
     
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Apache vhost: ls -lt /etc/apache2/sites-e*/*travesti.fr*
    Nginx vhost: ls -lt /etc/nginx/sites-e*/*travesti.fr*
    Bind: ls -lt /etc/bind/*travesti.fr*

    I would prefer learning how to find the cause rather than reinstalling my server.

    That said, you can try deleting the problematic site LE folder ("rm -rf /etc/letsencrypt/renewal/travesti.fr* /etc/letsencrypt/archive/travesti.fr* /etc/letsencrypt/live/travesti.fr*"), create the site again (since you have erased/deleted it) and once you can access the site, try enabling LE again:
     
  5. Joueur Citoyen

    Joueur Citoyen New Member

    You are 100% right, I should try to understand where the problem is.
    I did delete the LE files you told me to, but I still cannot enable LE.
    So, I ran the files you mentioned:
    ls -lt /etc/apache2/sites-e*/*travesti.fr*
    Code:
    lrwxrwxrwx 1 root root 46 mars  25 07:02 /etc/apache2/sites-enabled/100-travesti.fr.vhost -> /etc/apache2/sites-available/travesti.fr.vhost
    lrwxrwxrwx 1 root root 56 mars  25 06:53 /etc/apache2/sites-enabled/100-wordpress.travesti.fr.vhost -> /etc/apache2/sites-available/wordpress.travesti.fr.vhost
    ls -lt /etc/nginx/sites-e*/*travesti.fr*
    Code:
    Cannot find it, I think nginx is not installed?
    ls -lt /etc/bind/*travesti.fr*
    Code:
    I can't find what we're looking for, the only available files and folders are as follows: bind.keys  db.0  db.127  db.255  db.empty  db.local  db.root  named.conf  named.conf.default-zones  named.conf.local  named.conf.options  rndc.key  slave  zones.rfc1918
    Does something seem suspicious?
    When I check Let's Encrypt again, it is as if it cannot create the files anymore. Something may prevent ISPConfig from doing so maybe?
     
    Last edited: Mar 25, 2018
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Sorry, you should check Apache vhost: ls -lt /etc/apache2/sites-a*/*travesti.fr* to see if one of its vhost files ends with .err.

    It seems that you are running a dns server since your /etc/bind doesn't show any bind files.

    About letsencrypt, did you check its logs? They should be inside /var/log/letsencrypt folder.
     
  7. Joueur Citoyen

    Joueur Citoyen New Member

    Hi again — none of the files ends with .err.
    As far as error logs are concerned, there are many files (.log, .log.1, .log.10...) but I opened letsencrypt.log.
    I've uploaded it: https: joueurcitoyen.fr/letsencrypt.log
    But I don't really understand it... But the bottom part says:
    Code:
    "type": "urn:acme:error:rateLimited",
    "detail": "Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/",
    "status": 429
    }
    2018-03-25 12:49:07,234:DEBUG:acme.client:Storing nonce: s_rAsRvgGlobKLl8GOzEdbtVvl1tTfI2tWcXdvbVtPQ
    2018-03-25 12:49:07,234:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
    File "/opt/eff.org/certbot/venv/bin/certbot", line 11, in <module>
    sys.exit(main())
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 336, in obtain_certificate
    domains, csr, authzr=authzr)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 278, in obtain_certificate_from_csr
    authzr)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 314, in request_issuance
    headers={'Accept': content_type})
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 709, in post
    return self._post_once(*args, **kwargs)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 722, in _post_once
    return self._check_response(response, content_type=content_type)
    File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 583, in _check_response
    raise messages.Error.from_json(jobj)
    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
    2018-03-25 12:49:07,236:ERROR:certbot.log:An unexpected error occurred:
    2018-03-25 12:49:07,236:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
    Do you think this is the problem?
     
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Yes. You have to stop requesting LE SSL certs for that domain for a while. Wait a week or so before requesting a new one for it.

    Do read further here as suggested by it: https://letsencrypt.org/docs/rate-limits/
     

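The diagnosis reached in this thread, as an added example that is not part of any post: a shell function that scans certbot logs for the rate-limit refusal quoted in post 7 and reports, per domain set, how many runs were refused and when the last refusal happened. The function names and the sample log are constructed for illustration; only the log line format is taken from the excerpt above.

```shell
#!/bin/sh
# rate_limit_summary FILE...
# Prints one line per rate-limited domain set: "<domains> <refused runs> <last refusal>".
# Only the timestamped ERROR line is counted, so the JSON "detail" line and the
# traceback "Error:" line from the same run do not inflate the count.
rate_limit_summary() {
    awk '
    /:ERROR:/ && /too many certificates already issued for exact set of domains: / {
        ts = substr($0, 1, 19)                      # "YYYY-MM-DD HH:MM:SS"
        marker = "exact set of domains: "
        rest = substr($0, index($0, marker) + length(marker))
        cut = index(rest, ": see ")                 # domain set ends before ": see <url>"
        if (cut > 0) rest = substr(rest, 1, cut - 1)
        hits[rest]++
        if (ts > last[rest]) last[rest] = ts        # string compare works for this format
    }
    END { for (d in hits) printf "%s %d %s\n", d, hits[d], last[d] }
    ' "$@" | sort
}

# Constructed sample modelled on the excerpt in the thread (not a real log).
write_sample_log() {
    cat > "$1" <<'EOF'
2018-03-24 09:10:11,100:DEBUG:acme.client:Storing nonce: CONSTRUCTED-NONCE
"detail": "Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/",
2018-03-24 09:10:11,236:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
2018-03-25 12:49:07,236:ERROR:certbot.log:An unexpected error occurred:
2018-03-25 12:49:07,236:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: travesti.fr: see https://letsencrypt.org/docs/rate-limits/
2018-03-25 13:00:00,000:ERROR:certbot.log:There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: example.org,www.example.org: see https://letsencrypt.org/docs/rate-limits/
EOF
}

# Demo on the constructed sample. On a server, run instead:
#   rate_limit_summary /var/log/letsencrypt/letsencrypt.log*
demo_log=$(mktemp)
write_sample_log "$demo_log"
rate_limit_summary "$demo_log"
rm -f "$demo_log"
```

A domain set that shows up here explains an unchecked Let's Encrypt box even when the vhost files show no .err file; deleting and recreating the site only adds further refused requests to the log.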