Certificate renewal suddenly failing

jasongray · November 10, 2020, 9:59am

Hi all,

I've tried everything I can think of to get this resolved so if anybody is able to offer any new ideas of point me in the right direction, I'd really appreciate it. Essentially, my server just suddenly stopped working about a month ago. One day after a reboot, my domain was inaccessible from the web and upon trying to restart caddy to fix the issue I saw the "too many renewal attempts" error listed below. After doing some digging, I came across this: https://check-your-website.server-daten.de/?q=htpcomp.co.uk which suggests that port 80 is not available, but as I'm not aware of any changes to any of my setup, I'm struggling to determine if that is the cause of my issues, or a symptom.

My domain is: htpcomp.co.uk

I ran this command: caddy

It produced this output:
2020/11/10 09:19:51 [INFO] [htpcomp.co.uk] acme: Obtaining bundled SAN certificate
too many renewal attempts; last error: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

My web server is (include version): caddy 0.11.5

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

_az · November 10, 2020, 10:08am

Indeed your server seems to just hang up, even on port 80. That smells more like a networking problem than something to do with Caddy.

To clarify, are you running Caddy on Windows, or on Ubuntu? Because the IP address your domain points to appears to be an Ubuntu Linux server.

JuergenAuer · November 10, 2020, 10:31am

Hi @jasongray

if you want to use http validation, a working port 80 is required. See the explantation.

Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge.

There is no working http port. Why? That's the problem you have to fix.

jasongray · November 10, 2020, 11:28am

Caddy is running on Windows. I assume that the Ubuntu reference must somehow be picking up the "linux on windows" app.

Thanks for the suggestion it is probably a networking problem, I'll do some more digging there

system · December 10, 2020, 11:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sudden renewal failure: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80 Help	17	401	May 2, 2024
Certbot Renew Certificate Issue Help	28	1869	March 30, 2019
Renew error rate limited Issuance Tech	17	3140	September 21, 2017
Failed authorization procedure Server	20	2150	May 6, 2019
Failed to renew certificate Help	13	2602	September 1, 2018

Certificate renewal suddenly failing

Related topics