Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
entrl.com
I ran this command:
docker-compose logs proxy
(my container is called proxy and I use caddyserver as a reverse proxy for my services)
It produced this output:
Attaching to latest_proxy_1
proxy_1 | 2019/08/25 13:49:09 [INFO][cache:0xc00018ea50] Started certificate maintenance routine
proxy_1 | Activating privacy features… 2019/08/25 13:49:10 [INFO][entrl.com] Obtain certificate
proxy_1 | 2019/08/25 13:49:10 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
proxy_1 | 2019/08/25 13:49:10 [ERROR][entrl.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 1/3; challenge=dns-01)
proxy_1 | 2019/08/25 13:49:11 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
proxy_1 | 2019/08/25 13:49:12 [ERROR][entrl.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 2/3; challenge=dns-01)
proxy_1 | 2019/08/25 13:49:13 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
proxy_1 | 2019/08/25 13:49:18 [ERROR][entrl.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 3/3; challenge=dns-01)
proxy_1 | 2019/08/25 13:49:19 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url:
proxy_1 | exit status 1
proxy_1 | Activating privacy features… 2019/08/25 13:49:20 [INFO][cache:0xc00018aa50] Started certificate maintenance routine
proxy_1 | 2019/08/25 13:49:21 [INFO][entrl.com] Obtain certificate
proxy_1 | 2019/08/25 13:49:21 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
proxy_1 | 2019/08/25 13:49:21 [ERROR][entrl.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 1/3; challenge=dns-01)
proxy_1 | 2019/08/25 13:49:22 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
proxy_1 | 2019/08/25 13:49:23 [ERROR][entrl.com] failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains:entrl.com: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 2/3; challenge=dns-01)
proxy_1 | 2019/08/25 13:49:24 [INFO] [entrl.com] acme: Obtaining bundled SAN certificate
My web server is (include version):
https://hub.docker.com/r/abiosoft/caddy/ latest tag
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I use latest version of https://github.com/abiosoft/caddy-docker
Good day everyone!
First of all I would like to say that I have read a lot of articles about this situation before writing this post.
I understand that I have reached the rate limit for one domain as I have done 5 duplicated SSL certificates: https://check-your-website.server-daten.de/?q=entrl.com
I think the problem is that I have removed all volumes several times while testing my docker services. That’s why caddyserver can’t find my certificates and tries to create new ones.
I use cloudflare dns in my caddy file and I can’t understand why caddyserver tries to create SSL certificates as I want to use CloudFlare universal SSL for my domain and subdomains:
entrl.com {
    log stdout
    errors stderr
    header / {
        Referrer-Policy "same-origin"
        Strict-Transport-Security "max-age=15768000;"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        -Server
    }
    gzip
    tls {
        dns cloudflare
    }
    proxy / front-main:80 {
        transparent
    }
    proxy /api/ back-search:9000 {
        transparent
        without /api/
    }
}
My docker-compose.yml file (only a part with proxy container):
proxy:
  image: ${REGISTRY_BASE_URL}/proxy:${TAG}
  restart: always
  ports:
    - 80:80
    - 443:443
  volumes:
    - "$HOME/.caddy:/etc/caddycerts"
  environment:
    CADDYPATH: "/etc/caddycerts"
    CLOUDFLARE_EMAIL: ${CLOUDFLARE_EMAIL}
    CLOUDFLARE_API_KEY: ${CLOUDFLARE_API_KEY}
    ACME_AGREE: "true"
Right now I can’t use my services as I can’t start my reverse proxy container.
I have many subdomains and I want to use a secure connection between CloudFlare and my Reverse Proxy.
I really hope for your help. What should I do in my situation?
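
Added example, not part of the original post and not Caddy's or Let's Encrypt's own tooling: a small Python parser for log lines shaped like the output quoted above. It counts ACME `rateLimited` rejections per domain and flags a restart loop, which is what `exit status 1` followed by a fresh "Started certificate maintenance routine" line shows in that log. The sample log is constructed from the quoted format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the log quoted in the post (two process starts).
_START = "proxy_1 | 2019/08/25 13:49:{s:02d} [INFO][cache:0x0] Started certificate maintenance routine"
_ERR = ("proxy_1 | 2019/08/25 13:49:{s:02d} [ERROR][entrl.com] failed to obtain certificate: "
        "acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: "
        "urn:ietf:params:acme:error:rateLimited :: Error creating new order "
        "(attempt {a}/3; challenge=dns-01)")
SAMPLE_LOG = "\n".join([
    _START.format(s=9), _ERR.format(s=10, a=1), _ERR.format(s=12, a=2), _ERR.format(s=18, a=3),
    "proxy_1 | exit status 1",
    _START.format(s=20), _ERR.format(s=21, a=1), _ERR.format(s=23, a=2),
])

START_RE = re.compile(r"Started certificate maintenance routine")
# Only per-attempt [ERROR] lines are counted; the untagged fatal line repeats the last one.
ERROR_RE = re.compile(
    r"\[ERROR\]\s*\[(?P<domain>[^\]]+)\].*?acme: error: (?P<status>\d{3}) :: POST :: "
    r"(?P<url>\S+) :: urn:ietf:params:acme:error:(?P<kind>\w+)"
)

def summarize(log_text):
    """Return (process starts, {(domain, ACME error kind): count})."""
    starts, errors = 0, defaultdict(int)
    for line in log_text.splitlines():
        if START_RE.search(line):
            starts += 1
        elif (m := ERROR_RE.search(line)):
            errors[(m["domain"].strip(), m["kind"])] += 1
    return starts, dict(errors)

def findings(log_text):
    """Describe rate-limit rejections and whether the proxy is restart-looping."""
    starts, errors = summarize(log_text)
    out = []
    for (domain, kind), n in sorted(errors.items()):
        if kind == "rateLimited":
            msg = f"{domain}: {n} rateLimited rejections over {starts} start(s)"
            if starts > 1:
                msg += "; proxy is restart-looping"
            out.append(msg)
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_LOG)))
```

To run it against a real container, pass the text of `docker-compose logs proxy` to `findings()` in place of `SAMPLE_LOG`.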