Hitting the rate limit because of a bug, but which one?

I’m getting the error
2018-10-09 14:03:53,540:INFO:main:1211: Generating new account key

ACME server returned an error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/

The reason for the issue is that a bug in the software prevented the renewal complete successfully. Because of this, after SSL expiry no the /.well-known requests were being redirected incorrectly.
This was prob compounded by CloudFlare being set to strict, not allowing the server being reachable anymore on port 443. What I would like to know is if the error above is the “you’re blocked for 1 hour rate limit”, or the “you’re blocked for a week rate limit”. In which case, obviously, we have a more serious problem.

Also, how can I test it so we don’t “try our way into a rate limit issue” again.

My domain is:
bitesdaretoshare.com

I ran this command:
dokku letsencrypt

It produced this output:
2018-10-09 14:03:53,540:INFO:main:1211: Generating new account key

ACME server returned an error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/
My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version):
ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

Cheers,
Marc

Hi @mschipperheyn

I'm not familiar with this dokku ACME client. It seems like it is creating a new account every time it issues a certificate, which is why its hitting the registration rate limit.

Is there a way you can configure the client to create an account once, and then re-use it for subsequent issuances? We strongly recommend using one account for all of your certificates.

This is none of the above, it is specifically the " Accounts per IP Address" rate limit (that is applied over a 3 hour period), not the "Failed Validation" rate limit or the "Certificates per Registered Domain" rate limit.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.