Failed cert generation after "domain auth token"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wiki.morcloud.com

I ran this command: etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt -d wiki.morcloud.com --webroot /usr/share/nginx/html --reloadcmd "sudo systemctl reload nginx.service" --accountemail astrawoodruf@gmail.com --ocsp-must-staple --keylength 2048 --log

It produced this output:

[Thu Apr 11 15:27:07 UTC 2019] Single domain='wiki.morcloud.com
[Thu Apr 11 15:27:07 UTC 2019] Getting domain auth token for each domain
[Thu Apr 11 15:27:08 UTC 2019] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}

My web server is (include version):

nginx version: nginx/1.15.11

The operating system my web server runs on is (include version): Chrome latest

My hosting provider, if applicable, is: vultr.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Hi @morpheusnow

I don't use acme.sh. But you use the webroot parameter. It sounds like you use the running webserver.

But if there is a running webserver, it is invisible ( https://check-your-website.server-daten.de/?q=morcloud.com ):

Domainname | Http-Status | redirect | Sec. | G
http://wiki.morcloud.com/ 45.77.67.62 | -2 | | 1.080 | V
    ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 45.77.67.62:80
https://wiki.morcloud.com/ 45.77.67.62 | -2 | | 1.070 | V
    ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 45.77.67.62:443
http://wiki.morcloud.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.77.67.62 | -2 | | 1.073 | V
    ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 45.77.67.62:80
Visible Content:

Looks like a firewall or something else.

So first step: Open your firewall, port 80 is required.

There are no certificates. So the rate limit is the failed orders limit = 5 per hour per account. Not really a problem.
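
A preflight for the situation in this thread, as an added example that is not part of the original posts or of acme.sh: it checks that port 80 accepts connections and that a file written under the webroot's `.well-known/acme-challenge/` path is actually served, so a broken setup is caught before another failed order counts against the rate limit. The function names `probe_tcp` and `check_webroot` are hypothetical, and the TCP probe only says something about the firewall when it is run from a machine outside it.

```python
import os, secrets, socket, sys
import urllib.error, urllib.request

def probe_tcp(host, port=80, timeout=5.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST came back: no listener, or a firewall REJECT rule
    except socket.timeout:
        return "timeout"   # no answer at all: typical of a firewall DROP rule
    except OSError as exc:
        return f"error: {exc}"

def check_webroot(webroot, base_url, timeout=5.0):
    """Write a throwaway file under the HTTP-01 path and fetch it back over HTTP.

    Returns (ok, detail). The file is always removed afterwards.
    """
    chall_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chall_dir, exist_ok=True)
    name = "preflight-" + secrets.token_hex(8)
    body = secrets.token_urlsafe(32)
    path = os.path.join(chall_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    # Fetch directly, ignoring any proxy settings in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"{base_url}/.well-known/acme-challenge/{name}"
        with opener.open(url, timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace")
        return (True, "served") if got == body else (False, "content mismatch")
    except urllib.error.HTTPError as exc:
        return (False, f"HTTP {exc.code}")
    except OSError as exc:  # URLError is an OSError subclass
        return (False, f"unreachable: {exc}")
    finally:
        os.remove(path)

if __name__ == "__main__":
    # Usage: preflight.py DOMAIN WEBROOT (e.g. the domain and --webroot path from the post)
    domain, webroot = sys.argv[1], sys.argv[2]
    state = probe_tcp(domain, 80)
    print(f"tcp/80 on {domain}: {state}")
    if state != "open":
        sys.exit("port 80 is not reachable; do not request a certificate yet")
    ok, detail = check_webroot(webroot, f"http://{domain}")
    print(f"challenge path: {detail}")
    sys.exit(0 if ok else 1)
```

A result of "refused" matches the "actively refused" errors in the check output above, while "timeout" points to packets being silently dropped.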
