Certificate renewal suddenly failing

Hi all,

I've tried everything I can think of to get this resolved, so if anybody is able to offer any new ideas or point me in the right direction, I'd really appreciate it. Essentially, my server just suddenly stopped working about a month ago. One day after a reboot, my domain was inaccessible from the web and upon trying to restart caddy to fix the issue I saw the "too many renewal attempts" error listed below. After doing some digging, I came across this: https://check-your-website.server-daten.de/?q=htpcomp.co.uk which suggests that port 80 is not available, but as I'm not aware of any changes to any of my setup, I'm struggling to determine if that is the cause of my issues, or a symptom.

My domain is: htpcomp.co.uk

I ran this command: caddy

It produced this output:
2020/11/10 09:19:51 [INFO] [htpcomp.co.uk] acme: Obtaining bundled SAN certificate
too many renewal attempts; last error: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

My web server is (include version): caddy 0.11.5

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

1 Like

Indeed your server seems to just hang up, even on port 80. That smells more like a networking problem than something to do with Caddy.

To clarify, are you running Caddy on Windows, or on Ubuntu? Because the IP address your domain points to appears to be an Ubuntu Linux server.

2 Likes

Hi @jasongray

If you want to use http validation, a working port 80 is required. See the explanation.

Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge.

There is no working http port. Why? That's the problem you have to fix.

2 Likes
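The port 80 requirement quoted above can be checked before asking Caddy to retry, which avoids adding failures toward the "too many failed authorizations" limit shown in the first post. The sketch below is an added example, not code from this thread or from Caddy; `hop_allowed`, `preflight` and the `preflight-test` token are hypothetical names, and `example.com` is a placeholder domain.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}


def hop_allowed(url):
    """True if url is http/https on port 80 or 443, the only hops a validator follows."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT or not parts.hostname:
        return False
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[parts.scheme]
    except ValueError:  # non-numeric or out-of-range port
        return False
    return port in (80, 443)


def preflight(domain, token="preflight-test", max_hops=10, timeout=10):
    """Request the challenge URL on port 80 and follow redirects; return (ok, detail)."""
    # Validators do not verify certificates on https hops, so neither does this check.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    for _ in range(max_hops):
        if not hop_allowed(url):
            return False, f"disallowed scheme or port: {url}"
        parts = urlsplit(url)
        if parts.scheme == "https":
            conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
        try:
            conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        except (OSError, http.client.HTTPException) as exc:
            return False, f"connection error at {url}: {exc}"
        finally:
            conn.close()
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            continue
        # Any HTTP answer (a 404 for this made-up token included) proves the port is reachable.
        return True, f"{url} answered with HTTP {status}"
    return False, "too many redirects"


if __name__ == "__main__":
    print(preflight("example.com"))  # placeholder domain; substitute your own
```

Run it from a machine outside your own network, since a request from inside the LAN can succeed even when the router's port forwarding or the ISP blocks port 80.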

Caddy is running on Windows. I assume that the Ubuntu reference must somehow be picking up the "linux on windows" app.

Thanks for the suggestion that it is probably a networking problem; I'll do some more digging there.

2 Likes