Operating system: Ubuntu 20.04LTS
Fresh install. Run through the initial config wizard. Have it use its own defaults to try and set up a Lets Encrypt cert for the default domain… just fails.
Get back into the admin area after typing “thisisunsafe” into Chrome, just so I can get to the normal login page…
VirtualMin > Server Configuration > SSL Cert > Lets Encrypt
Switch to only trying the main domain (instead of the default, and unwanted/un-used server29.DOMAIN.co.uk
www.server29.DOMAIN.co.uk
admin.server29.DOMAIN.co.uk
webmail.server29.DOMAIN.co.uk)
Request Cert… fails.
Odd thing spotted… the log talks about nginx. This is a fresh default install and should be Apache? Why is nginx anywhere in these logs?
Here’s the /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:34,069:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:28:34,069:DEBUG:certbot.main:Arguments: [’-a’, ‘webroot’, ‘-d’, ‘server29.DOMAIN.co.uk’, ‘–webroot-path’, ‘/home/server29/public_html’, ‘–duplicate’, ‘–force-renewal’, ‘–manual-public-ip-logging-ok’, ‘–non-interactive’, ‘–agree-tos’, ‘–config’, ‘/tmp/.webmin/629635_97126_1_letsencrypt.cgi’, ‘–rsa-key-size’, ‘2048’, ‘–cert-name’, ‘server29.DOMAIN.co.uk’]
2021-06-08 16:28:34,070:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-08 16:28:34,082:DEBUG:certbot.log:Root logging level set at 20
2021-06-08 16:28:34,082:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:34,083:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2021-06-08 16:28:34,083:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f01428b0190>
Prep: True
2021-06-08 16:28:34,084:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f01428b0190> and installer None
2021-06-08 16:28:34,084:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2021-06-08 16:28:34,088:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/126405847’, new_authzr_uri=None, terms_of_service=None), 5544de1e5232690abbd16bf62012078c, Meta(creation_dt=datetime.datetime(2021, 6, 8, 16, 17, 6, tzinfo=), creation_host=‘server29.DOMAIN.co.uk’))>
2021-06-08 16:28:34,088:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-08 16:28:34,091:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-08 16:28:34,616:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2021-06-08 16:28:34,617:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:34 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“KUNp7QzIUok”: “Adding random entries to the directory - API Announcements - Let's Encrypt Community Support”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2021-06-08 16:28:34,617:INFO:certbot.main:Obtaining a new certificate
2021-06-08 16:28:35,020:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2021-06-08 16:28:35,023:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2021-06-08 16:28:35,025:DEBUG:acme.client:Requesting fresh nonce
2021-06-08 16:28:35,025:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-08 16:28:35,155:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2021-06-08 16:28:35,156:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0003MMshIzaBPLLMQK1Cuk1GKhdmMFPC8J0MAF-kqSUWTEs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-06-08 16:28:35,156:DEBUG:acme.client:Storing nonce: 0003MMshIzaBPLLMQK1Cuk1GKhdmMFPC8J0MAF-kqSUWTEs
2021-06-08 16:28:35,157:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “server29.DOMAIN.co.uk”\n }\n ]\n}’
2021-06-08 16:28:35,160:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NDA1ODQ3IiwgIm5vbmNlIjogIjAwMDNNTXNoSXphQlBMTE1RSzFDdWsxR0toZG1NRlBDOEowTUFGLWtxU1VXVEVzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ”,
“signature”: “BDqm3E3nUEmCnTVCYwP4IfN9orPpP677K1PGBlyRK9K5rBWgrRaePggcjpmwfEI-KbDOrEjK79-anY9k4nfsU8d2mTaaOdrq82s8rr25r4ig8Xc-DFxZf_9pVcdR6caWbK0DN8EBbVV-TsBjYd0hEPSAzNSXOLe4pvEFLhVPquVpfvGSVYvdsAb_qlfllQfipAeW2aFtEqbLc7C7UJG3HEF97hDGduxNJWBZX8Q98uoUFhdqhiEPvqvvWDtxSyDRTsBevIBbeZabK8qOvQJaYCWquivzn1R2xk4m6tzKMs8JRNtTE1rb_pcQNHE_4BGxMjEOi7MhJJzovloJH9bDPg”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNlcnZlcjI5LnZpZXdjcmVhdGl2ZS5jby51ayIKICAgIH0KICBdCn0”
}
2021-06-08 16:28:35,424:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 201
2021-06-08 16:28:35,425:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 08 Jun 2021 16:28:35 GMT
Content-Type: application/problem+json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 126405847
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0004riRyu9WqJWXdj_yeGalbly9PBGsn39geF1jJcOnKCQ8
{
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”,
“status”: 429
}
2021-06-08 16:28:35,425:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/letsencrypt”, line 11, in
load_entry_point(‘certbot==0.40.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1382, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 381, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 863, in new_order
return self.client.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 666, in new_order
response = self._post(self.directory[‘newOrder’], order)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 95, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1171, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1184, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1042, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:35,426:ERROR:certbot.log:An unexpected error occurred:
2021-06-08 16:28:35,427:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:36,693:DEBUG:certbot.main:certbot version: 0.40.0
2021-06-08 16:28:36,693:DEBUG:certbot.main:Arguments: [’–manual’, ‘-d’, ‘server29.DOMAIN.co.uk’, ‘–preferred-challenges=dns’, ‘–manual-auth-hook’, ‘/etc/webmin/webmin/letsencrypt-dns.pl’, ‘–manual-cleanup-hook’, ‘/etc/webmin/webmin/letsencrypt-cleanup.pl’, ‘–duplicate’, ‘–force-renewal’, ‘–manual-public-ip-logging-ok’, ‘–non-interactive’, ‘–agree-tos’, ‘–config’, ‘/tmp/.webmin/456624_97126_3_letsencrypt.cgi’, ‘–rsa-key-size’, ‘2048’, ‘–cert-name’, ‘server29.DOMAIN.co.uk’]
2021-06-08 16:28:36,693:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-08 16:28:36,705:DEBUG:certbot.log:Root logging level set at 20
2021-06-08 16:28:36,706:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-06-08 16:28:36,706:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2021-06-08 16:28:36,707:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7f0bc6cf6100>
Prep: True
2021-06-08 16:28:36,707:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f0bc6cf6100> and installer None
2021-06-08 16:28:36,707:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-06-08 16:28:36,711:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/126405847’, new_authzr_uri=None, terms_of_service=None), 5544de1e5232690abbd16bf62012078c, Meta(creation_dt=datetime.datetime(2021, 6, 8, 16, 17, 6, tzinfo=), creation_host=‘server29.DOMAIN.co.uk’))>
2021-06-08 16:28:36,712:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-08 16:28:36,713:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-08 16:28:37,224:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2021-06-08 16:28:37,225:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“O2bG3N2CdpE”: “Adding random entries to the directory - API Announcements - Let's Encrypt Community Support”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2021-06-08 16:28:37,225:INFO:certbot.main:Obtaining a new certificate
2021-06-08 16:28:37,401:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
2021-06-08 16:28:37,403:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
2021-06-08 16:28:37,404:DEBUG:acme.client:Requesting fresh nonce
2021-06-08 16:28:37,404:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-08 16:28:37,537:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2021-06-08 16:28:37,538:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 00038gxLRNjAJtP0iRWh_XZYUGBdNKBoBdwNH9rFIc6KApQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-06-08 16:28:37,538:DEBUG:acme.client:Storing nonce: 00038gxLRNjAJtP0iRWh_XZYUGBdNKBoBdwNH9rFIc6KApQ
2021-06-08 16:28:37,538:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “server29.DOMAIN.co.uk”\n }\n ]\n}’
2021-06-08 16:28:37,540:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI2NDA1ODQ3IiwgIm5vbmNlIjogIjAwMDM4Z3hMUk5qQUp0UDBpUldoX1haWVVHQmROS0JvQmR3Tkg5ckZJYzZLQXBRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ”,
“signature”: “WzkxlXBBgyaVxsNaywHZMwNn3b670RFa2Vouq4jMge3xz211Rl_0XVB0sGncbq_bJwkkP6ZUQSYVrsoD6D2yprLGUiasL8QNeBe2dd__cZZtXmSxjHFsGVXRUt89VaJUYjOA3SLpUidMsol5_f-yQPolUCIjL3FGks8990tGGemA0qpok6YJbqIKaVsQCI2VLM62nM2gF_-r4q4txs9hOs0bN_zKlDEY0UplRi57JWEFvHrppSm2ZoxojTjv3syjqzrQgf7u-qrk0gjGm4MHFodxr2V9_OZlMkNkfLLancSf00MSUB0_GJFVXswSCi5sPNcTuOktfjOwcViczIGyLg”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNlcnZlcjI5LnZpZXdjcmVhdGl2ZS5jby51ayIKICAgIH0KICBdCn0”
}
2021-06-08 16:28:37,804:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 429 201
2021-06-08 16:28:37,805:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Tue, 08 Jun 2021 16:28:37 GMT
Content-Type: application/problem+json
Content-Length: 201
Connection: keep-alive
Boulder-Requester: 126405847
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0004lhPT8s2re5S0JRtf46J_mNNP75p2YCbjGk7KDWToRhA
{
“type”: “urn:ietf:params:acme:error:rateLimited”,
“detail”: “Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt”,
“status”: 429
}
2021-06-08 16:28:37,805:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/letsencrypt”, line 11, in
load_entry_point(‘certbot==0.40.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1382, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 381, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 863, in new_order
return self.client.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 666, in new_order
response = self._post(self.directory[‘newOrder’], order)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 95, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1171, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1184, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1042, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
2021-06-08 16:28:37,806:ERROR:certbot.log:An unexpected error occurred:
2021-06-08 16:28:37,807:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt