Koozali.org: home of the SME Server

Letsencrypt question

calisun
Letsencrypt question
« on: November 10, 2017, 09:47:35 PM »
I have installed https://wiki.contribs.org/Letsencrypt
It seems to work fine, but my problem is that the limit of domains allowed per day is 100. Since I have less than 100 domains I enabled:

Code: [Select]
config setprop letsencrypt configure all domains
I did not realize that for each domain, the server requests a certificate for www.domain, ftp.domain, mail.domain, and a couple of other certificates.
So now I am well above the 100 limit and it just stops. The problem is that the next day, when I run the request, it does not start where it left off, it just starts from the beginning again.

My Question is, how do I disable the command I gave before so I can manually request each domain?
SME user and community member since 2005.
Want to install Wordpress in iBay of SME Server?
See my step-by-step How-To wiki here:
http://wiki.contribs.org/Wordpress_Multisite

ReetP
Re: Letsencrypt question
« Reply #1 on: November 11, 2017, 01:55:09 AM »
Go back and read the wiki.... :-)

Take out 'all' and then enable per domain or per host e.g.

db domains setprop $DOMAIN letsencryptSSLcert enabled

db hosts setprop $HOSTNAME letsencryptSSLcert enabled

Simples......
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

calisun
Re: Letsencrypt question
« Reply #2 on: November 11, 2017, 06:49:59 AM »
ReetP,
I did that already, I did:
Code: [Select]
db domains setprop domain1.com  letsencryptSSLcert enabled
but when I do:
Code: [Select]
dehydrated -c -x
it starts pulling all domains again.

So I uninstalled Letsencrypt:
Code: [Select]
yum remove smeserver-letsencrypt --enablerepo=smecontribs
and deleted: /etc/dehydrated folder
after installing again and issuing command:

Code: [Select]
db domains setprop domain1.com  letsencryptSSLcert enabled
and when I do:
Code: [Select]
dehydrated -c -x
it starts pulling all domains again.

That is why I am asking, where is the original command saved at? Database? And how to remove it?



Knuddi
Re: Letsencrypt question
« Reply #3 on: November 11, 2017, 10:56:12 AM »
I had same issue and manually edited the file /etc/dehydrated/domains.txt to only include the domains I needed.

DanB35
Re: Letsencrypt question
« Reply #4 on: November 11, 2017, 01:12:06 PM »
Quote
My Question is, how do I disable the command I gave before so I can manually request each domain?
What's the output of "config show letsencrypt"?

Quote
That is why I am asking, where is the original command saved at? Database? And how to remove it?
Of course it's saved in the database; you used a database command.  Uninstalling the RPM isn't going to affect it.

Jean-Philippe Pialasse (aka Unnilennium)
Re: Letsencrypt question
« Reply #5 on: November 11, 2017, 08:09:24 PM »
As the property alldomain currently overrides all other settings, I suggest you delete it
Code: [Select]
config setprop letsencrypt configure none
 

Then, considering the number of domains you have, you could start by testing this script:
https://bugs.contribs.org/show_bug.cgi?id=10280

This will check every domain / host and see if external DNS makes it point to your server.
If yes, it will set it as enabled.
If no, it will set it as disabled.

If you do not use them, you could also delete (or simply disable the cert) all the default hosts like ftp, mail, ... This will reduce the number of certificates to ask for.
« Last Edit: November 11, 2017, 08:16:48 PM by Jean-Philippe Pialasse »

ReetP
Re: Letsencrypt question
« Reply #6 on: November 11, 2017, 08:45:31 PM »
Quote
That is why I am asking, where is the original command saved at? Database? And how to remove it?

First, PLEASE read the wiki thoroughly. It is all there.

Things to check. This is where the basic settings are stored - I think this is where your issue is:

Code: [Select]
config show letsencrypt
From what you said above you have set this which is incorrect:

Code: [Select]
config setprop letsencrypt configure all domains
You can select only ONE of all, hosts, domains or none. I think the code will take the first argument (in your case all) and act accordingly.

I suggest you revert it to test mode until you get it right.

Code: [Select]
config setprop letsencrypt status test
Code: [Select]
config setprop letsencrypt configure none
(or delete this key entirely for the same effect)

Code: [Select]
signal-event console-save
Then check which hosts or domains you individually enabled:

Code: [Select]
db domains show
Code: [Select]
db hosts show
Have a look at which ones have letsencryptSSLcert=enabled

Once you have done console-save you can check which hosts and domains are enabled by looking at

Code: [Select]
cat /etc/dehydrated/domains.txt

calisun
Re: Letsencrypt question
« Reply #7 on: November 12, 2017, 06:13:39 AM »
Thank you for the pointers, I see that I have made an error in my original command.
Following the instructions above, I have cleared out the wrong command and issued a new command:

Code: [Select]
config setprop letsencrypt configure domains
While in test mode, I issued the command:

Code: [Select]
dehydrated -c
So it looks like it is pulling just domains correctly, but I get an error message at the end:

Code: [Select]
[X@X~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Processing domain.com with alternative names: domain1.com domain2.com domain3.com domain4.com domain5.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for domain.com...
  + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 429)

Details:
{
  "type": "urn:acme:error:rateLimited",
  "detail": "Error creating new authz :: too many currently pending authorizations",
  "status": 429
}

I have not run any requests in over 24 hours and today I only did it in test environment.
What should I do now?
« Last Edit: November 12, 2017, 06:28:11 AM by calisun »

ReetP
Re: Letsencrypt question
« Reply #8 on: November 12, 2017, 01:16:57 PM »

calisun
Re: Letsencrypt question
« Reply #9 on: November 13, 2017, 04:27:11 AM »
ReetP, I did read wiki, and not sure what I am missing, that is why I am asking for help.
If everyone could get everything just from reading wiki, what is the point of this or any other forum? I am sure everything has been documented somewhere, so why forums?
As for that matter, what is the point of schools? Just have people read textbooks, and no need for schools, Right?

ReetP, sorry to take up your time, I will try to fumble my way through it.
« Last Edit: November 13, 2017, 04:29:12 AM by calisun »

ReetP
Re: Letsencrypt question
« Reply #10 on: November 13, 2017, 11:21:20 AM »
Quote
ReetP, I did read wiki, and not sure what I am missing, that is why I am asking for help.

Clearly you haven't. If you had read the wiki you would have seen the section on your error - as per the links I went and found for you.

Quote
If everyone could get everything just from reading wiki, what is the point of this or any other forum? I am sure everything has been documented somewhere, so why forums?
As for that matter, what is the point of schools? Just have people read textbooks, and no need for schools, Right?

ReetP, sorry to take up your time, I will try to fumble my way through it.

The forums are here for when you cannot find answers in the wiki. It covers a huge amount, although it does not have every single answer. However, in your instance the answers are there.

Reading the wiki saves a lot of wasted time answering questions for which there are already answers. So, if you had read it you would not be asking half the questions that you have because the answers are already documented there.

All you have done is ask questions for which answers exist, and expected someone else to spoon feed you links which you could easily have found yourself. That is very frustrating.

So in answer to your previous post, if you had bothered to look for your error 'Error creating new authz :: too many currently pending authorizations' you would have followed the link to 'Troubleshooting' and seen exactly the error you reported, and links to more information. So clearly you never read the page.

No one minds helping, but they do mind when the poster clearly hasn't bothered to do a little homework and reading themselves.

DanB35
Re: Letsencrypt question
« Reply #11 on: November 13, 2017, 12:35:45 PM »
Quote
No one minds helping, but they do mind when the poster clearly hasn't bothered to do a little homework and reading themselves.
Give him some credit--the "too many authz" error is pretty unusual.  From the rate limits page:
Quote
Hitting this rate limit is rare, and happens most often when developing ACME clients. It usually means that your client is creating authorizations and not fulfilling them.
Quote
Note that having a large number of pending authorizations is generally the result of a buggy client. If you’re hitting this rate limit frequently you should double-check your client code.

calisun
Re: Letsencrypt question
« Reply #12 on: November 13, 2017, 09:06:52 PM »
The whole mess started because the wiki is not clear to me, it says:

Code: [Select]
config setprop letsencrypt configure all | domains | hosts
so to me it looks like it says to write, all domains or all hosts.

If the wiki was written like this: (or something similar)

Code: [Select]
config setprop letsencrypt configure | all | domains | hosts|
I would know to write: all or domains or hosts.
« Last Edit: November 13, 2017, 11:13:39 PM by calisun »

Jean-Philippe Pialasse (aka Unnilennium)
Re: Letsencrypt question
« Reply #13 on: November 13, 2017, 11:24:21 PM »
Quote
The whole mess started because the wiki is not clear to me, it says:

Code: [Select]
config setprop letsencrypt configure all | domains | hosts
so to me it looks like it says to write, all domains or all hosts.

If the wiki was written like this: (or something similar)

Code: [Select]
config setprop letsencrypt configure | all | domains | hosts|
To me this one would be more obscure, as | means "or" in many programming languages.

Having an or between configure and all is wrong, and having it at the end of the line is worse.

may I suggest
Code: [Select]
config setprop letsencrypt configure (all | domains | hosts | none)
or

You can set the desired behaviour by using one of the following: all for all domains and all hosts, domains for all domains, and hosts for all configured hosts. If you want to only use individually enabled hosts or domains, leave the default none.
Code: [Select]
config setprop letsencrypt configure none
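
The two things this thread turned on, written as a pre-flight script (an added example, not part of the original thread or of the smeserver-letsencrypt contrib): the `configure` value must be a single keyword, and each line of domains.txt is one certificate whose names all get requested. The function names, the `.example` sample file and the per-certificate threshold are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: pre-flight check to run before "dehydrated -c".
# On a live server the value would come from "config getprop letsencrypt configure"
# and the file would be /etc/dehydrated/domains.txt; here both are constructed.

# Succeed only if the configure value is exactly one allowed keyword.
valid_configure() {
    case "$1" in
        all|domains|hosts|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Total names (primary + alternative) that domains.txt will request,
# skipping blank lines and "#" comments.
count_names() {
    awk 'NF && $1 !~ /^#/ { n += NF } END { print n + 0 }' "$1"
}

# Primary name of each certificate line carrying more than $2 names.
oversized_certs() {
    awk -v max="$2" 'NF > max && $1 !~ /^#/ { print $1 }' "$1"
}

# $1 = configure value, $2 = domains.txt path, $3 = max names per certificate
# (the threshold is the caller's assumption, not read from the CA).
preflight() {
    valid_configure "$1" || { echo "invalid configure value: '$1'"; return 1; }
    big=$(oversized_certs "$2" "$3")
    [ -z "$big" ] || { echo "too many names on: $big"; return 2; }
    echo "ok: $(count_names "$2") names requested"
}

# Constructed sample in dehydrated's format: one certificate per line,
# first name is the primary, the rest are alternative names.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample
domain1.example www.domain1.example mail.domain1.example ftp.domain1.example
domain2.example www.domain2.example

domain3.example
EOF

preflight "all domains" "$SAMPLE" 100 || true   # the two-word value from the first post
preflight "none" "$SAMPLE" 100
```

Running it in test mode first, as suggested earlier in the thread, keeps a rejected value or an oversized line from consuming requests against the production endpoint.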