Error 429 too many registrations for this IP

My domain is:
mrrobotcloud.duckdns.org
I ran this command:
caddy / caddy in a docker server
It produced this output:
acme: Registering account for xxxx
2019/01/18 16:20:58 registration error: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:rateLimited :: Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/, url:
My web server is (include version):
Caddy [0.11.2]
The operating system my web server runs on is (include version):
Docker/Ubuntu 16.04
My hosting provider, if applicable, is:
OVH/SYS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Im getting the rate limiting error, even after waiting more than 3 hours, either when using the caddy executable, or running it though docker I receive this message. Was working fine for the last few months, the caddy container starting rebooting, so Im assuming thats why I got the ban, but I removed the container and waited without any success

You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours.

It sounds like you are not persisting the contents of the Caddy container. Caddy wouldn't be registering new ACME accounts unless it was started from a fresh slate every time.

It worked before, and I can see in my filesystem all of my certificates, plus I have this running on a different server with the same config without any issues.

The certs are there, and its been offline for more than 3 hours, but Im still limited.

See: https://letsdebug.net/mrrobotcloud.duckdns.org/17464

^ Caddy might be using DNS or TLS-ALPN rather than HTTP I guess.

@mholt might have some ideas on the behavior of account registration, though.

Well port 80 is down because my caddy container is down. I could spin up an apache one that runs on 80 and 443?

Installed apache quick to see

Does the renewal now work?

Nope, tried running the caddy executable in the same folder, but containerized or not I get this:

Activating privacy features… 2019/01/18 16:54:17 registration error: acme: Error 429 - urn:ietf:params:acme:error:rateLimited - Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/

I hope this won't create any issues going forward...

Whoops, thats supposed to be no

Its just an OVH box so I have full root access

OK “NO” makes more sense.

Installed certbot to see if it was a caddy issue… Dry-run doesn’t throw any errors, but trying to get a certificate for that basic apache install gives me the same 429 rate limit error.

https://letsdebug.net/mrrobotcloud.duckdns.org/17491?debug=y

I see an error that says:

DEBUG
1 Certificates contributing to rate limits for this domain
Serial: 417319055578290286944709400725202947188573
NotBefore: 2019-01-16 19:40:10 +0000 UTC

Does that mean i’m on the 1 week ban? Not the 3 hour one?

I see [quote=“Dude245, post:3, topic:83204”]
It worked before, and I can see in my filesystem all of my certificates
[/quote]

Maybe those certificates aren’t mounted into the container properly? Or maybe Caddy is not configured to look for them in the right place? I suppose it’s also possible that the directory containing certificates was persisted, but the directory containing account information was not.

I do think @_az’s evaluation is most likely correct: Caddy for some reason thinks it doesn’t have an account yet, and is attempting rapid re-registration. Containers in particular often cause problems for a variety of clients, by not persisting account data across multiple runs.

Since this is a rate limit applied to your IP address, it will persist regardless of which client you use. However, it will expire in 3 hours and you can try again. In the meantime you can take a look at your container configuration and see if you can find the issue.

Hmm, it just let me create about 10 subdomains then started giving me the error again. I think it might be resetting and using a default user every time its created so its “creating” a new user?

I don’t see anything wrong with my config though:

docker run -d --name caddy \
-v /root/dockerFS/caddy/Caddyfile:/etc/Caddyfile \
-v /root/dockerFS/caddy/:/root/.caddy \
-v /root/dockerFS/caddy/sites/:/srv \
--restart=unless-stopped \
--net=host \
abiosoft/caddy:php-no-stats

Yep, I think that's what's going on.

It's possible that some release of the abiosoft/caddy:php-no-stats package changed the working directory of the Caddy that gets started, so it doesn't pull its config from your mounted volume.

@Dude245 read fully through this recent Caddy issue: https://github.com/mholt/caddy/issues/2400

It sounds suspiciously like your symptom and the timeline matches up (fixed in master only 6 hours ago).

3 Likes

I think that might have been part of the issue, but I also specificied my email in the caddy configs now as well. Working as intended now!

To help verify that this is fixed, build Caddy from https://github.com/mholt/caddy/commit/a7aeb979be5a59ae82fac0783fe54b83c7fc57fd and let us know how it goes. A new release will be going out very soon, potentially within a day, unless people can confirm that it’s still not fixed (but “it works for me” and the tests pass).

1 Like