I have Nextcloud on a Raspberry Pi and have been trying for 2 days to get Let's Encrypt to give me a certificate.
I now find that after so many attempts using the Nextcloud Letsencrypt app, I'm now locked out and cannot try again.
[ letsencrypt ] (Mon Jan 9 19:05:25 GMT 2023)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for alistairscloud.org
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
Please see the logfiles in /var/log/letsencrypt for more details.
I then found Letsdebug.org:
All OK!
No issues were found with alistairscloud.org. If you are having problems
with creating an SSL certificate, please visit the Let's Encrypt Community forums
and post a question there.
I can log in to a root shell on my machine and on my desktop via the browser.
Does this mean I actually fixed it, but ran out of tries that one too early?
How long before I can try again?
Hello @Alistair, welcome to the Let's Encrypt community.
From here: Rate Limits - Let's Encrypt
"You can create a maximum of 300 New Orders per account per 3 hours. A new order is created each time you request a certificate from the Boulder CA, meaning that one new order is produced in each certificate request. Exceeding the New Orders limit is reported with the error message too many new orders recently."
and
"There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently."
Testing and debugging are best done using the Staging Environment, and to assist with debugging, a great place to start is Let's Debug.
I think that wait is an hour.
But if you don't fix the problem, you will continue to exceed that limit and wait [over and over].
What you are essentially doing is TESTING.
You should do that on the testing/staging environment.
It seems you have not provided the correct web root path.
OR Apache has failed you.
Let's Debug is a third party debugging tool to check a few things. It's meant as a tool, not as an ultimate answer to everything.
As the rate limit you're seeing is connected to your account, Let's Debug will never get the same error message, as it's using its own account.
It says so in the line you've quoted by Bruce.
Also, please use the staging environment if you're not doing so already (which seems to be the case if you're still seeing this specific error). First fix the actual problem which is preventing you from getting a certificate (which is not the "too many failed authorizations recently", but the error you were getting before that one) and only when you fixed that issue, continue on the production environment.
That was the day Nextcloud automatically upgraded, and everything stopped working.
I could SSH from my desktop, but that was all.
The cloud was lost, so I took the plunge yesterday, wiped the SD card and started again with the latest version.
All was going well, until I tried to connect it to the outside world.
I don't think I can use the staging environment as it's a Raspberry Pi with no browser.
Unless it can be done via the command line.
Let's Debug says "OK", but that's on my desktop.
First thing I tried, but the fault was an upgrade failure, which wiped files in the root.
One of which was the config file to the USB, so no backups were made.
The new version couldn't see the USB, so no joy.
HTTP is much simpler, you already heard the request... why redirect it back to yourself [if to make the reply secure, the contents of those challenges (and replies) can be made public without concern]?
So, yes, dealing with the challenge request in HTTP is preferred.
That said, and reading that you were using --webroot and Apache ...
I would start by looking at this output: sudo apachectl -t -D DUMP_VHOSTS
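The staging advice and the webroot/HTTP points above can be combined from the command line. This is an added example, not code from any poster or from the Nextcloud app. It checks that the local web server really serves the webroot's challenge directory before contacting the CA, then does a staging dry run. The webroot path and domain are the ones shown in the certbot output in this thread; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight an http-01 webroot setup, then do a staging dry run.
# Defaults are the values visible in this thread's certbot output.
WEBROOT="${WEBROOT:-/var/www/nextcloud}"
DOMAIN="${DOMAIN:-alistairscloud.org}"

# Fetch http://<domain><path> from the local web server with the right Host
# header. -L follows redirects and -k ignores certificate errors on an HTTPS
# redirect, as the CA's http-01 validator does.
fetch_url() {
    curl -fsSLk --max-time 10 \
        --resolve "$1:80:127.0.0.1" --resolve "$1:443:127.0.0.1" \
        "http://$1$2"
}

# Write a probe file where certbot's webroot plugin would place the challenge
# token, fetch it back through the web server, and compare the contents.
# Returns 0 only if this webroot is what the vhost for the domain serves.
preflight_webroot() {
    webroot=$1
    domain=$2
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    want="probe-$(date +%s)-$$"
    mkdir -p "$dir" || return 2
    printf '%s' "$want" > "$dir/$name" || return 2
    got=$(fetch_url "$domain" "/.well-known/acme-challenge/$name" 2>/dev/null) || got=""
    rm -f "$dir/$name"
    [ "$got" = "$want" ]
}

# Contact the CA only after the local check passes. --dry-run uses the staging
# server and saves no certificate, so failures there do not count against the
# production failed-validation limit.
issue_dry_run() {
    if ! preflight_webroot "$1" "$2"; then
        echo "webroot $1 is not what http://$2/ serves; check the vhost first" >&2
        return 1
    fi
    certbot certonly --webroot -w "$1" -d "$2" --dry-run
}

# Usage: sudo sh preflight.sh run
case "${1:-}" in
    run) issue_dry_run "$WEBROOT" "$DOMAIN" ;;
esac
```

The pre-flight only proves the local vhost-to-webroot mapping; reachability from the internet (router port forwarding, DNS) is what Let's Debug and the staging dry run exercise.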
Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for alistairscloud.org
Performing the following challenges:
http-01 challenge for alistairscloud.org
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/alistairscloud.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/alistairscloud.org/privkey.pem
Your certificate will expire on 2023-04-09. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Installing template 'nextcloud.conf.sh'...
INFO: Letsencrypt domain is alistairscloud.org
INFO: Metrics enabled: no
Apache self check:
Syntax OK
System config value trusted_domains => 11 set to string alistairscloud.org
System config value trusted_domains => 3 set to string alistairscloud.org
System config value overwrite.cli.url set to string https://alistairscloud.org/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string alistairscloud.org
System config value trusted_proxies => 14 set to string 192.168.1.80
Setup notify_push (attempt 1/3)
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
Setup notify_push (attempt 2/3)
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved
Setup notify_push (attempt 3/3)
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved