Learn about Centmin Mod LEMP Stack today
Become a Member

Letsencrypt Rate limiting problem

Discussion in 'Add Ons' started by R0rke, Sep 7, 2017.

  1. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:52 PM
    1.11.1
    10.1
    i getting this error when acmetool going to verify the cert :
    new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status": 429}
    [Wed Sep 6 21:09:16 +0430 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-060917-210909.log

    [Bash] Lets Encrypt Logs - Pastebin.com
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    you hit letsencrypt end rate limits https://community.centminmod.com/th...for-centmin-mod-123-09beta01.8290/#post-34494

    latest at Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
    also duplicate domain certs limit
    so need to wait and also figure out why you got so many invalid authorizations

    did you use more than one letsencrypt client for the same domain in the paste ? i.e. official letsencrypt certbot client + acmetool.sh/acme.sh from centmin mod ? you may have auto cronjobs running trying to issue/get letsencrypt ssl cert with more than one client running up invalid verification/issuances.

    from crt.sh search your domain has 4 ssl certs https://crt.sh/?q=gamerpa.net&iCAID=16418

    what's output for
    Code (Text):
    /usr/local/src/centminmod/addons/acmetool.sh checkdates
    
     
    Last edited: Sep 7, 2017
    • Informative Informative x 1
  3. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:52 PM
    1.11.1
    10.1
    I obtain many certs last hour I think that's why the problem happens.
    unfortunately, my cert is invalid I'm using CloudFlare and first obtained wrong and I do a reissue and its keep erroring then after many try I got rate limiting. what can I do now?
     
  4. pamamolf

    pamamolf Well-Known Member

    2,772
    245
    63
    May 31, 2014
    Ratings:
    +437
    Local Time:
    1:52 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    You may need to post the output of the above command so he will have more info to help you :)

    Code:
    /usr/local/src/centminmod/addons/acmetool.sh checkdates
     
    • Informative Informative x 1
  5. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:52 PM
    1.11.1
    10.1
    Code:
     /usr/local/src/centminmod/addons/acmetool.sh checkdates
    
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://centminmod.com/acmetool
    -------------------------------------------------
    
    continue [y/n] ? y
    ----------------------------------------------
    nginx installed
    ----------------------------------------------
    
    ----------------------------------------------
    acme.sh obtained
    ----------------------------------------------
     
  6. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    3:52 PM
    1.11.1
    10.1
    recently I just get out of rate limiting and I reissue another one and I'm surprised it's fixed ( i think its hourly rate limit for me but i see people they have to wait about a week )
    btw thanks for heads up guys and sorry for my thread but i suggest people who have a problem like me or be aware when u trying to obtain SSL from let's encrypt because with all respect its painful and time waster. ( i mean Rate limits ).
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,606
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,297
    Local Time:
    9:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    glad it's fixed
    but if you have a working letsencrypt ssl certificate obtained via acmetool.sh and acme.sh underlying client, you should have something listed for checkdates command like example at https://community.centminmod.com/th...ing-thread-for-centmin-mod-123-09beta01.8290/. If you don't have anything listed, then it means underlying acme.sh client's cronjob wouldn't renew any domain ssl certs when time comes as checkdates reports the domains registered with acme.sh and centmin mod nginx that have ssl certificates issues by acmetool.sh and underlying acme.sh client.

    Code (Text):
    ./acmetool.sh checkdates
    ----------------------------------------------
    nginx installed
    ----------------------------------------------
    /usr/local/nginx/conf/ssl/acme.domain1.com/acme.domain1.com-acme.cer
    SHA1 Fingerprint=87:AA:E6:79:CA:14:61:77:07:59:6B:BB:EC:BC:8A:F7:B1:3A:9E:F4
    certificate expires in 10 days on 4 Sep 2016
    
    /usr/local/nginx/conf/ssl/acme2.domain1.com/acme2.domain1.com-acme.cer
    SHA1 Fingerprint=A7:E3:72:64:55:12:B7:E8:3E:48:35:64:5E:9A:FF:EA:61:46:9E:8A
    certificate expires in 88 days on 21 Nov 2016
    
    /usr/local/nginx/conf/ssl/acme1.domain1.com/acme1.domain1.com-acme-ecc.cer
    SHA1 Fingerprint=F5:42:00:15:7D:AC:80:21:02:F5:27:E0:84:7A:06:D5:80:91:B8:C6
    certificate expires in 78 days on 11 Nov 2016
    
    ----------------------------------------------
    acme.sh obtained
    ----------------------------------------------
    /root/.acme.sh/acme.domain1.com/acme.domain1.com.cer
    SHA1 Fingerprint=87:AA:E6:79:CA:14:61:77:07:59:6B:BB:EC:BC:8A:F7:B1:3A:9E:F4
    certificate expires in 10 days on 4 Sep 2016
    
    /root/.acme.sh/acme9.domain2.com/acme9.domain2.com.cer
    SHA1 Fingerprint=AC:72:0F:AA:4C:B0:96:49:DD:1F:C2:92:09:B2:BE:89:38:FC:96:3B
    certificate expires in 89 days on 22 Nov 2016
    
    /root/.acme.sh/acme2.domain1.com/acme2.domain1.com.cer
    SHA1 Fingerprint=A7:E3:72:68:55:12:B7:E8:3E:48:35:68:5E:9A:FF:EA:61:46:9E:8A
    certificate expires in 88 days on 21 Nov 2016
    
    /root/.acme.sh/acme1.domain1.com_ecc/acme1.domain1.com.cer
    SHA1 Fingerprint=F5:42:00:15:7D:AC:80:21:02:F5:27:E0:84:7A:06:D5:80:91:AA:C6
    certificate expires in 78 days on 11 Nov 2016