Hello, I'm using Lets Encrypt to secure my websites only running into a problem atm. I created a subdomain for my site and wanted to secure it with SSL, but found out I'm getting this error: Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: mydomain.com Now I know that my SSL certs get renewed every day (bit of an overkill..) but can't find the cronjob doing that... :S Anyone know where I should look? My crontab shows: * * * * * /usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done * * * * * /usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done 0 * * * * /home/cacheclear.sh Where the cacheclear only clears the memory cache.
if you installed certbot, its cron is located at: /etc/cron.d/certbot acme.sh uses the regular crontab, but since you don't see it here, I guess you didn't install that. How did you install letsencrypt?
there is a lot of "perfect server" tutorials, and the one I used did not install letsencrypt, which on did you follow?
ISPConfig's own tutorial: https://www.howtoforge.com/tutorial...8-4-jessie-apache-bind-dovecot-ispconfig-3-1/
it's a file, but I don't know what the script installed could you try this: Code: grep -r certbot /etc/cron*
[email protected]***:~# grep -r encrypt /etc/cron* /etc/cron.daily/popularity-contest: --armor -o "$POPCONGPG" -r $POPCONKEY --encrypt "$POPCON" [email protected]***:~# grep -r acme /etc/cron* [email protected]***:~#
it might be ISPConfig instead of a cron, have a look at /usr/local/ispconfig/server/lib/classes/cron.d/900-letsencrypt.inc.php
This is in that file: PHP: class cronjob_letsencrypt extends cronjob { // job schedule protected $_schedule = '0 3 * * *'; public function onRunJob() { global $app, $conf; $letsencrypt = explode("\n", shell_exec('which letsencrypt certbot /root/.local/share/letsencrypt/bin/letsencrypt')); $letsencrypt = reset($letsencrypt); if(is_executable($letsencrypt)) { $version = trim(exec($letsencrypt . ' --version 2>/dev/null')); if(preg_match('/^(\S+)\s+(\d+(\.\d+)+)$/', $version, $matches)) { $type = strtolower($matches[1]); $version = $matches[2]; if(($type != 'letsencrypt' && $type != 'certbot') || version_compare($version, '0.7.0', '<')) { exec($letsencrypt . ' -n renew'); $app->services->restartServiceDelayed('httpd', 'reload'); } else { $marker_file = '/usr/local/ispconfig/server/le.restart'; $cmd = "echo '1' > " . $marker_file; exec($letsencrypt . ' -n renew --post-hook ' . escapeshellarg($cmd)); if(file_exists($marker_file) && trim(file_get_contents($marker_file)) == '1') { unlink($marker_file); $app->services->restartServiceDelayed('httpd', 'reload'); } } } else { exec($letsencrypt . ' -n renew'); $app->services->restartServiceDelayed('httpd', 'reload'); } } parent::onRunJob(); }} But the question is also: Even when I change the cert renewal to once a month, I will keep having the same problem because I have too many sub-domains with a cert right? Counted the sub-domains where I want a cert for but there are only 4 at the moment. But when that becomes more in the future I have the same problem right?
yes, this php script is executed by ISPC cron, and it executes: /root/.local/share/letsencrypt/bin/letsencrypt -n renew Strange why ISPC doesn't rely upon certbot own cron, but anyway, you should now look at letsencrypt log files to know what goes wrong with renewals, in /var/log/letsencrypt
Well it goes wrong with this error: Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: mydomain.com But that's probably because the renewal of the cert is done every day and you can only renew 7 certs per week.
Code: # renew_before_expiry = 30 days version = 0.9.3 cert = /etc/letsencrypt/live/mydomain.com/cert.pem privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem chain = /etc/letsencrypt/live/mydomain.com/chain.pem fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem # Options used in the renewal process [renewalparams] account = b2bc5d3e9d54f19249e80315676c35b5 authenticator = webroot rsa_key_size = 4096 installer = None [[webroot_map]] mydomain.com = /usr/local/ispconfig/interface/acme www.mydomain.com = /usr/local/ispconfig/interface/acme Is in the conf, but when I check the sites with a Lets Encrypt cert, I see that the certs are renewed every day.