We have a Kubernetes cluster running in Google Cloud and we are using cert-manager to automatically request and renew SSL certificates.
I was upgrading our Kubernetes nodes and noticed after the upgrade that we are not able to request SSL certificates from Let's Encrypt anymore. I checked the Google Cloud logs and the cert-manager logs and noticed that there had been lots of failing renewal requests to Let's Encrypt.
All of these renewal requests failed and returned error code 503: “could not reach ‘domainhere/.well-known/acme-challenge/bNkQzzMOJ8_ss3H9YMePHhaFpp_U2xPef7xuItZWj0U’: wrong status code ‘503’, expected ‘200’”
I investigated more and noticed that we had three certificates in our cluster which were no longer needed. We had moved the deployments which were using these certificates behind Cloudflare and they are now using Cloudflare SSL.
We did not delete the certificates from the cluster, and when cert-manager tried to renew them, it failed because the deployment was no longer available.
Because of the multiple failing renewal requests, our IP address got blocked:
“Error initializing issuer: 403 urn:ietf:params:acme:error:rateLimited: Your IP, 126.96.36.199, has been blocked due to ridiculously excessive traffic. Once this is corrected you may request this be reviewed on our forum https://community.letsencrypt.org”
I have deleted the three old certificates so there should not be excessive traffic anymore.
Could you please unblock our IP address 188.8.131.52?
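
One way to spot leftover certificates like the three described in the post before they generate repeated failed renewals, as an added example that is not part of the original post: it takes the parsed output of `kubectl get certificates -A -o json` and lists cert-manager Certificate resources that are not Ready or have already expired. The sample data, resource names and domains are constructed, and `failing_certificates` is a hypothetical helper name.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample shaped like `kubectl get certificates -A -o json`
# (cert-manager Certificate resources). Names, domains and messages are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "shop-tls"},
     "spec": {"dnsNames": ["shop.example.com"]},
     "status": {"notAfter": "2030-01-01T00:00:00Z",
                "conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"namespace": "legacy", "name": "old-app-tls"},
     "spec": {"dnsNames": ["old.example.com"]},
     "status": {"notAfter": "2019-03-01T00:00:00Z",
                "conditions": [{"type": "Ready", "status": "False",
                                "message": "self check failed"}]}},
    # A Certificate that never got a status at all (nothing was ever issued).
    {"metadata": {"namespace": "legacy", "name": "pending-tls"},
     "spec": {"dnsNames": ["new.example.com"]}},
]}

def parse_ts(value):
    """Parse the RFC 3339 UTC timestamps Kubernetes writes into status fields."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def failing_certificates(cert_list, now):
    """Return (namespace, name, dnsNames, reasons) for every unhealthy Certificate."""
    findings = []
    for item in cert_list.get("items", []):
        meta, status = item["metadata"], item.get("status", {})
        ready = next((c for c in status.get("conditions", [])
                      if c.get("type") == "Ready"), None)
        reasons = []
        if ready is None:
            reasons.append("no Ready condition")
        elif ready.get("status") != "True":
            reasons.append("not Ready: " + ready.get("message", "no message"))
        not_after = status.get("notAfter")
        if not_after and parse_ts(not_after) <= now:
            reasons.append("expired " + not_after)
        if reasons:
            findings.append((meta["namespace"], meta["name"],
                             item.get("spec", {}).get("dnsNames", []), reasons))
    return findings

if __name__ == "__main__":
    # Pipe real kubectl output on stdin, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, names, reasons in failing_certificates(data, datetime.now(timezone.utc)):
        print(f"{ns}/{name} {names}: {'; '.join(reasons)}")
```

Each certificate it reports either needs its challenge path fixed or, if the service has moved elsewhere, should be deleted so cert-manager stops retrying it.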