Crontab Setup Means Too Many Attempts to Renew Hit Production Limits

I have certbot installed on my server and things running smoothly until today when suddenly the SSL stopped working. When I did letsencrypt renew from the command line, I got:

2017-04-24 04:24:20,037:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.. Skipping.

Now, there has been no login into the server in the past month or so, and things were running smoothly. I wonder what went wrong. The only oddity I can point to is my crontab, which reads:

* * * * * letsencrypt renew

Could that be the problem? Either way, how come there are invalid authorizations?

That crontab is not ideal because it will run the command every minute of every day. However, letsencrypt renew is supposed to try to renew only if a certificate is due to expire in less than a month.

Maybe you have some logs in /var/log/letsencrypt showing what happened when it attempted to renew before triggering this rate limit? This rate limit results from a series of (at least) five failed attempts to obtain authorization for issuing a certificate for a domain name.

1 Like

hou long until we can request again ? wait time?

Hi @myrtvalisica, which particular rate limit did you get? Also “Too many invalid authorizations recently”?

For this particular rate limit you can try again after an hour, but you should also try to figure out why the authorizations failed repeatedly.

There is also a Let’s Encrypt staging server that you can use for experimentation (it has much higher rate limits and its rate limits don’t affect your ability to get certificates from the real CA).

I finally figured it out. The same certificate was being used in a WordPress setup also, from which the .well-known directory had mysteriously disappeared. :stuck_out_tongue:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.