You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems that since recently Let's Encrypt stopped providing alternative chain for certificates, which you could use before with this option:
--use_alt_chain CHAIN_NO
If non-zero, then use nth alternative certificate chain. For example using
"1" with Let's Encrypt may be required to work-around a bug in clients with
OpenSSL-1.0.2:
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
(default: 0)
So now, when you use --use_alt_chain=1, then you'll be getting error:
2024-07-15 13:37:07,115:INFO:simp_le:1468: Generating new certificate private key
2024-07-15 13:37:10,345:ERROR:simp_le:1134: Could not remove validation file at
+/var/www/mail…-le/.well-known/acme-challenge/HVhm… : [Errno 2] No such file or directory:
+'/var/www/mail…-le/.well-known/acme-challenge/HVhm…'
Traceback (most recent call last):
File "/home/le/.local/lib/python3.12/site-packages/simp_le.py", line 1618, in main
return main_with_exceptions(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/le/.local/lib/python3.12/site-packages/simp_le.py", line 1602, in main_with_exceptions
persist_new_data(args, existing_data)
File "/home/le/.local/lib/python3.12/site-packages/simp_le.py", line 1497, in persist_new_data
pems = list(split_pems(fullchain_pems[args.use_alt_chain]))
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
IndexError: list index out of range
Unhandled error has happened, traceback is above
Debugging tips: -v improves output verbosity. Help is available under --help.
After trying several times (for example with daily cron):
2024-07-15 17:16:26,868:INFO:simp_le:1468: Generating new certificate private key
ACME server returned an error: urn:ietf:params:acme:error:rateLimited
:: There were too many requests of a given type :: Error creating new order
:: too many certificates (5) already issued for this exact set of domains in the last 168 hours:
…, retry after 2024-07-16T22:23:07Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
Unfortunately I've noticed the error only after my cert expired and I can't refresh it now for the next 29h :-( It's not too important, so there's not much pain involved, but still.
Maybe simp_le should check the pem length, and if there's not enough of them, then issue a warning and use chain 0. This should be very easy to implement.
The text was updated successfully, but these errors were encountered:
It seems that since recently Let's Encrypt stopped providing alternative chain for certificates, which you could use before with this option:
So now, when you use
--use_alt_chain=1, then you'll be getting error:After trying several times (for example with daily cron):
Unfortunately I've noticed the error only after my cert expired and I can't refresh it now for the next 29h :-( It's not too important, so there's not much pain involved, but still.
Maybe simp_le should check the pem length, and if there's not enough of them, then issue a warning and use chain 0. This should be very easy to implement.
The text was updated successfully, but these errors were encountered: