Is there any way to view your current usage, as it pertains to rate limits


#1

My domain is:

I ran this command:

certbot --apache renew

[but i’m going through a dance to remove a site from the cert on this machine, since it no longer exists]. In the past, I’ve just gone through a bunch of help articles and recipes involving manually hacking on /etc/letsencrypt, until the errors go away.

Now I got this error:

There were too many requests of a given type :: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:

OK, this is news :wink: . So Looking here https://letsencrypt.org/docs/rate-limits/

There’s all sorts of limits in here. Which one did I hit? When will it clear up, and how do I keep this from bringing my site down…


#2

There’s no way to look up this rate limit publicly because it is based on your ACME account and other semi-private information that only the CA can see. In this case though, the rate limit is one hour in duration so it’s not long to wait.

The domain-based rate limits, it’s another story. You can use crt.sh or lectl or letsdebug.net to check them.

Most importantly: use --dry-run on the end of your Certbot commands, while testing things, to avoid hitting rate limits. It will use the test servers which have extremely high rate limits.

Regarding why you might be experiencing problems, I think that your web server might not be listening on port 443 on its IPv6 address: https://letsdebug.net/bright.aura-software.com/1194

# curl -i -6 -L http://bright.aura-software.com/.well-known/acme-challenge/rcM3lD973FwCb-gOj63lcyJm_LsmVv84NtYT9NDM5-4
HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Jun 2018 10:37:48 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://bright.aura-software.com/.well-known/acme-challenge/rcM3lD973FwCb-gOj63lcyJm_LsmVv84NtYT9NDM5-4
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1

curl: (7) Failed connect to bright.aura-software.com:443; Connection refused

#3

Got lectl … that is pretty sweet.

It’d be helpful if the help page and the error page language could be synced.

The error page says " Failed Validation limit of 5 failures per account, per hostname, per hour. ".

The error generated by certbot says:

“too many failed authorizations recently”.

I wasn’t able to connect the dots.

Thanks


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.