Error creating new account

raviteja · February 3, 2023, 7:16am

Hi,

I want to install ssl certificate for my clients who mapped to my domain through CNAME.
I am able to generate ssl certificate and install behalf of them. Till now no issue, but I got error while creating user

"urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new account :: too many registrations for this IP: see Registrations Per IP Limit - Let's Encrypt"

and this is my code for creating acme account

user_key = josepy.JWKRSA(key=rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend()))    
net = client.ClientNetwork(user_key, user_agent=USER_AGENT)
directory = messages.Directory.from_json(net.get(DIRECTORY_URL).json())
client_acme = client.ClientV2(directory, net=net)
account_created = messages.NewRegistration.from_data(email=(EMAIL), terms_of_service_agreed=True)
regr = client_acme.new_account(account_created)

How can i surpass the issue without creating new account?
I should be able to generate ssl certificate regardless of the requests i get without any errors.

_az · February 3, 2023, 7:35am

You'd have to save both the private key and the account (the regr) to disk if they don't exist, or load them from disk if they do. That way, you will use the same ACME account every time your program runs and avoid having to create new ones.

If you're not comfortable implementing these parts yourself using the acme library, I highly recommend just using an existing ACME client rather than piecing this together with Python code.

raviteja · February 3, 2023, 7:44am

you mean to save both user_key and regr?

_az · February 3, 2023, 7:46am

Yes, both of those.

raviteja · February 3, 2023, 7:54am

for generating ssl certificate for other domain, I just need to load those files and skip the following steps,

user_key = josepy.JWKRSA(key=rsa.generate_private_key(public_exponent=65537,key_size=2048,backend=default_backend()))    
net = client.ClientNetwork(user_key, user_agent=USER_AGENT)
directory = messages.Directory.from_json(net.get(DIRECTORY_URL).json())
client_acme = client.ClientV2(directory, net=net)
account_created = messages.NewRegistration.from_data(email=(EMAIL), terms_of_service_agreed=True)
regr = client_acme.new_account(account_created)

if yes, how can I load those files and reuse the 'client_acme' for creating new order and challenge

_az · February 3, 2023, 9:30am

You can find examples of loading and saving in the Certbot code.

Loading:

github.com

certbot/certbot/blob/71a14f5193722b2f6b01d3a128cedb2575e06fd1/certbot/certbot/_internal/account.py#L220-L223


      
          with open(self._regr_path(account_dir_path)) as regr_file:
              regr = messages.RegistrationResource.json_loads(regr_file.read())
          with open(self._key_path(account_dir_path)) as key_file:
              key = jose.JWK.json_loads(key_file.read())

Saving:

github.com

certbot/certbot/blob/71a14f5193722b2f6b01d3a128cedb2575e06fd1/certbot/certbot/_internal/account.py#L344-L353


      
          def _create(self, account: Account, dir_path: str) -> None:
              with util.safe_open(self._key_path(dir_path), "w", chmod=0o400) as key_file:
                  key_file.write(account.key.json_dumps())
          
          
def _update_regr(self, account: Account, dir_path: str) -> None:
              with open(self._regr_path(dir_path), "w") as regr_file:
                  regr = messages.RegistrationResource(
                      body={},
                      uri=account.regr.uri)
                  regr_file.write(regr.json_dumps())

It's basically just using json_loads and json_dumps.

raviteja · February 6, 2023, 1:34pm

one small confirmation,

I have created user_key and regr and saved those files in json.
for next order and challenge(to new domain) i will just read user_key and regr from files saved as mentioned above.

So, my doubt is like should i regenerate net, directory and client_name with user_key or just read those values from regr. if yes, please provide some code example
NOTE: once I have read regr it shows

RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/86673873', new_authzr_uri=None, terms_of_service=None)

for user_key:

JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7f6489c142e0>)>)

please let me know as I am new to this concept.

Thanks.

system · March 8, 2023, 1:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.