ich habe Probleme ein Zertifikat von letsencrypt zu erhalten.
Fehlermeldung anfänglich:
Fehlemeldung jetzt:...
Domain: www.meinedomain.de
Type: malformed
Detail: Failed to connect to xxx.xxx.xxx.xxx:443 for tls-sni-01
challenge: Server only speaks HTTP, not TLS
/var/log/letsencrypt/letsencrypt.log...
blank to select all options shown (Enter 'c' to cancel):1
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
Please see the logfiles in /var/log/letsencrypt for more details.
Vorgehensweise habe ich wie hier -> https://strato.de/blog/lets-encrypt-auf ... rtifikate/ durchgeführt.2017-04-30 15:48:58,445:DEBUG:acme.client:Storing nonce: e_3A1TKBAPcVGf_AzxN3TyhXOWNsRiIXqccUKvP57Gk
2017-04-30 15:48:58,447:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 755, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 597, in run
certname, lineage)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 316, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 285, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 66, in get_authorizations
self.authzr[domain] = self.acme.request_domain_challenges(domain)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 212, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 191, in request_challenges
response = self.net.post(self.directory.new_authz, new_authz)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 670, in post
return self._post_once(*args, **kwargs)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 683, in _post_once
return self._check_response(response, content_type=content_type)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 570, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
Der Port 443 ist von außen erreichbar.
Ich habe so ziemlich die Nase voll und weiß nicht mehr wo ich ansetzen kann.
Apache ist mit ssl und in dem virtuellen Host steht folgendes:
Hat jemand eine Idee wo es eine Anleitung IN DEUTSCH gibt, wie ich hier den Fehler untersuchen kann bzw. hier zum Erfolg komme?<IfModule mod_ssl.c>
<VirtualHost www.meinedomain.de:443>
DocumentRoot /var/www/html/meinedomain.de/
ServerName meinedomain.de
ServerAlias www.meinedomain.de
HostNameLookups off
LogLevel error
ServerAdmin webmaster@meinedomain.de
ErrorLog /var/log/apache2/meinedomain.de_error.log
CustomLog /var/log/apache2/meinedomain.de_access.log "combined"
DirectoryIndex index.php
<Directory "/var/www/html/meinedomain.de/">
Irrelevant
</Directory>
</VirtualHost>
</IfModule>
Per google bekomme ich hunderte Anleitungen/ Foren wo die Fehler beschrieben sind. Aber, es löst nicht das Problem.
Zumeist findet man was zu dem geschlossenen Port 443. Der ist aber auf jeden Fall offen.
Viele Grüße
cos
PS: Aktuell verwende ich $ certbot --apache certonly
Rückgabe im /var/log/apache2/error.log
[Sun Apr 30 19:22:45.042839 2017] [ssl:warn] [pid 21043] AH01906: d69629247a6b189204a163e4514cf46a.a62194129f5ac343325657912f745662.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Apr 30 19:22:45.043339 2017] [mpm_prefork:notice] [pid 21043] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations