Dehydrated failure from long time

govindengagebay · December 3, 2021, 10:21am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: logistics.ontrac.com

I ran this command: We used openresty autossl for certificates. I am not sure about the command they are using. I found the in the error log below

issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=2d263149e538c761c7a092b1bc2d3451b4b369655dd06d74e74b5bf0e8c962f4 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain logistics.ontrac.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config

It produced this output:
err: + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 429)

Details:
HTTP/2 429 ^M
server: nginx^M
date: Fri, 03 Dec 2021 10:05:43 GMT^M
content-type: application/problem+json^M
content-length: 201^M
boulder-requester: 111361603^M
cache-control: public, max-age=0, no-cache^M
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"^M
replay-nonce: 00013kZe-AGAgo0mLGWT_L4ymIDUuKLEmux_UjayG1VrRW4^M
^M
{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
"status": 429
}

My web server is (include version): nginx via openresty-1.19.3.1

The operating system my web server runs on is (include version): ubuntu 20

My hosting provider, if applicable, is: We are giving option to our customers to add their domain. Sorry we are sure.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): openresty-1.19.3.1

From past 30 days we are getting the same error message. We thought they hit some ratelimits and will reset in a week. After 30 days also it is throwing the same error message.

Please help us to resolve this issue.

rg305 · December 3, 2021, 5:54pm

Hi @govindengagebay and welcome to the LE community forum

I'd start by making sure all the programs are up-to-date.

govindengagebay · December 3, 2021, 6:16pm

Hi Rudy Gamoz,

Thank you for the response. Looking forward to your reply.

rg305 · December 3, 2021, 6:28pm

What more of a reply are you expecting from me?
[You should be reviewing all your programs to see if any can be updated.]

govindengagebay · December 3, 2021, 6:37pm

I checked. All are upto date. Let me recheck and confirm.

This is not happening to all domains. Only certain domains we are getting this issue. Is there any specific reason for this ? I thought rateLimits will reset in a week or so. But it is almost a month now. Still the same error occurring..

rg305 · December 3, 2021, 6:39pm

Then it may be failing automatically (more than you have noticed).
How often does the renewal process run per day?

govindengagebay · December 3, 2021, 6:57pm

There should 5-10 renewals per day approximately. Not more than that.

rg305 · December 3, 2021, 7:07pm

I don't understand.
How often does the renewal process run per day (even if only to check)?

govindengagebay · December 3, 2021, 7:15pm

We are providing a landing page custom domain setup using auto ssl via openresty. We have decent customers now.

If i am not wrong, you are asking about #of renewal requests per day then i would say it depends on traffic to that landing page.

If i still make you misunderstood, will you please elaborate what exactly you are looking for?

jillian · December 3, 2021, 11:28pm

Your client is attempting validation many, many times a day.(or in a row) and not succeeding validation. Once you have too many failed attempts, you get rate limited and see the message that you have. Until you get rate limited, you will have log messages that show what kinds of errors cause you to "stack up" failed authorizations. It's possible that your server is not responding to the validation attempts or creating the authorizations correctly. Your logs will provide more information about the source of failed authorizations.

You should also make sure that your client is at the latest version to rule out any bugs in the client.

system · January 2, 2022, 11:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.