How can I test manual hooks with the current limits?

rourke · 2018-03-22 22:55:46 UTC

Sorry, I’m ignoring the template, because it doesn’t seem relevant for my question.

I’m trying to run certbot with ACME v2 to get a wildcard certifcate. Since I can’t host on one of the supported dns-plugin sites (i’m European, none operate in my country) I need to go with the manual method with pre and post validation hooks. Therefor I’m running the following command:

sudo certbot certonly --manual --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory --manual-auth-hook /home/user/certbot_authenticator.sh --manual-cleanup-hook /home/user/certbot_cleanup.sh -d *.domain.com -d domain.com

Because I’m creating both validation hooks myself it requires some testing. I was surprised to encounter the following error at one point:

There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

I understand there is a failed validation limit of 5 failures per account. Unfortunately something like --dry-run or -n doesn’t work with the above command. How can I create the validation hooks with such a limit? What am I missing here?

mnordhoff · 2018-03-22 23:00:04 UTC

In this case, use “--staging” or “--test-cert”. (They’re equivalent.)

If Certbot is older than 0.22.2 or so, you have to use “--server https://acme-staging-v02.api.letsencrypt.org/directory”. (In older versions, the options above use the ACME v1 staging server.)

rourke · 2018-03-22 23:14:38 UTC

I’m using certbot 0.22.2, if I understand you correctly this should be enough?

sudo certbot certonly --manual --preferred-challenges=dns --manual-auth-hook /home/user/certbot_authenticator.sh --manual-cleanup-hook /home/user/certbot_cleanup.sh -d *.domain.com --staging

It looks like I can keep running it.

mnordhoff · 2018-03-22 23:15:51 UTC

Yup! The staging environment has much higher rate limits.

rourke · 2018-03-22 23:21:31 UTC

Ah that’s great to hear. Then that solved my problem.

Just a sidenote: a failed validations limit of 60 per hour still isn’t much in my case. Because I’m still trying to figure out how to pass through the arguments to my PHP script from where I can easily use my hosts PHP API library. That alone easily took me 10 attempts in a very short time window. But I think I should be good!

Thank you!

system · 2018-04-21 23:21:32 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.