Letsencrypt Rate limiting problem

R0rke · Sep 7, 2017

i getting this error when acmetool going to verify the cert :
new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status": 429}
[Wed Sep 6 21:09:16 +0430 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-060917-210909.log

[Bash] Lets Encrypt Logs - Pastebin.com

eva2000 · Sep 7, 2017

you hit letsencrypt end rate limits https://community.centminmod.com/th...for-centmin-mod-123-09beta01.8290/#post-34494

latest at Rate Limits - Let's Encrypt - Free SSL/TLS Certificates

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems.
Click to expand...

Overrides
If you’ve hit a rate limit, we don’t have a way to temporarily reset it. You’ll need to wait until the rate limit expires after a week. We use a sliding window, so if you issued 10 certificates on Monday and 10 more certificates on Friday, you’ll be able to issue again starting Monday. You can get a list of certificates issued for your registered domain by searching on crt.sh, which uses the public Certificate Transparency logs.
Click to expand...

also duplicate domain certs limit

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates.
Click to expand...

so need to wait and also figure out why you got so many invalid authorizations

did you use more than one letsencrypt client for the same domain in the paste ? i.e. official letsencrypt certbot client + acmetool.sh/acme.sh from centmin mod ? you may have auto cronjobs running trying to issue/get letsencrypt ssl cert with more than one client running up invalid verification/issuances.

from crt.sh search your domain has 4 ssl certs https://crt.sh/?q=gamerpa.net&iCAID=16418

what's output for
Code (Text):
/usr/local/src/centminmod/addons/acmetool.sh checkdates

R0rke · Sep 7, 2017

I obtain many certs last hour I think that's why the problem happens.
unfortunately, my cert is invalid I'm using CloudFlare and first obtained wrong and I do a reissue and its keep erroring then after many try I got rate limiting. what can I do now?

pamamolf · Sep 7, 2017

You may need to post the output of the above command so he will have more info to help you
Code:
/usr/local/src/centminmod/addons/acmetool.sh checkdates

R0rke · Sep 7, 2017

Code:

 /usr/local/src/centminmod/addons/acmetool.sh checkdates

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

continue [y/n] ? y
----------------------------------------------
nginx installed
----------------------------------------------

----------------------------------------------
acme.sh obtained
----------------------------------------------

R0rke · Sep 7, 2017

recently I just get out of rate limiting and I reissue another one and I'm surprised it's fixed ( i think its hourly rate limit for me but i see people they have to wait about a week )
btw thanks for heads up guys and sorry for my thread but i suggest people who have a problem like me or be aware when u trying to obtain SSL from let's encrypt because with all respect its painful and time waster. ( i mean Rate limits ).

eva2000 · Sep 7, 2017

glad it's fixed
R0rke said: ↑
Code:
 /usr/local/src/centminmod/addons/acmetool.sh checkdates

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

continue [y/n] ? y
----------------------------------------------
nginx installed
----------------------------------------------

----------------------------------------------
acme.sh obtained
----------------------------------------------
Click to expand...
but if you have a working letsencrypt ssl certificate obtained via acmetool.sh and acme.sh underlying client, you should have something listed for checkdates command like example at https://community.centminmod.com/th...ing-thread-for-centmin-mod-123-09beta01.8290/. If you don't have anything listed, then it means underlying acme.sh client's cronjob wouldn't renew any domain ssl certs when time comes as checkdates reports the domains registered with acme.sh and centmin mod nginx that have ssl certificates issues by acmetool.sh and underlying acme.sh client.

addons/acmetool.sh has a checkdates option you can run on SSH command line to report all issued Letsencrypt SSL certificates days till expiry. It reports both nginx installed ssl certs + any ssl certs obtained by acme.sh client in /root/.acme.sh these would include ssl certs in new DNS only mode via certonly-issue option on command line.
Click to expand...
Code (Text):
./acmetool.sh checkdates
----------------------------------------------
nginx installed
----------------------------------------------
/usr/local/nginx/conf/ssl/acme.domain1.com/acme.domain1.com-acme.cer
SHA1 Fingerprint=87:AA:E6:79:CA:14:61:77:07:59:6B:BB:EC:BC:8A:F7:B1:3A:9E:F4
certificate expires in 10 days on 4 Sep 2016

/usr/local/nginx/conf/ssl/acme2.domain1.com/acme2.domain1.com-acme.cer
SHA1 Fingerprint=A7:E3:72:64:55:12:B7:E8:3E:48:35:64:5E:9A:FF:EA:61:46:9E:8A
certificate expires in 88 days on 21 Nov 2016

/usr/local/nginx/conf/ssl/acme1.domain1.com/acme1.domain1.com-acme-ecc.cer
SHA1 Fingerprint=F5:42:00:15:7D:AC:80:21:02:F5:27:E0:84:7A:06:D5:80:91:B8:C6
certificate expires in 78 days on 11 Nov 2016

----------------------------------------------
acme.sh obtained
----------------------------------------------
/root/.acme.sh/acme.domain1.com/acme.domain1.com.cer
SHA1 Fingerprint=87:AA:E6:79:CA:14:61:77:07:59:6B:BB:EC:BC:8A:F7:B1:3A:9E:F4
certificate expires in 10 days on 4 Sep 2016

/root/.acme.sh/acme9.domain2.com/acme9.domain2.com.cer
SHA1 Fingerprint=AC:72:0F:AA:4C:B0:96:49:DD:1F:C2:92:09:B2:BE:89:38:FC:96:3B
certificate expires in 89 days on 22 Nov 2016

/root/.acme.sh/acme2.domain1.com/acme2.domain1.com.cer
SHA1 Fingerprint=A7:E3:72:68:55:12:B7:E8:3E:48:35:68:5E:9A:FF:EA:61:46:9E:8A
certificate expires in 88 days on 21 Nov 2016

/root/.acme.sh/acme1.domain1.com_ecc/acme1.domain1.com.cer
SHA1 Fingerprint=F5:42:00:15:7D:AC:80:21:02:F5:27:E0:84:7A:06:D5:80:91:AA:C6
certificate expires in 78 days on 11 Nov 2016

Log in / Register

Forums

Join the community today

Letsencrypt Rate limiting problem

R0rke Member

eva2000 Administrator Staff Member

R0rke Member

pamamolf Well-Known Member

R0rke Member

R0rke Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

Letsencrypt Rate limiting problem

R0rke Member

eva2000 Administrator Staff Member

R0rke Member

pamamolf Well-Known Member

R0rke Member

R0rke Member

eva2000 Administrator Staff Member

.