Owncloud: "Error creating new order :: too many failed authorizations recently

I am new to this and may have tried to many time as I was getting several errors until I sorted out the firewall, was not aware that I required the appliance to be accessible from outside.

we already have our own wildcard certificate, but would like to use the Let’s encrypt for this server?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=cfts.co), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cfts.co,

I ran this command: via owncloud ‘let’s encrypt’ plugin

It produced this output: "Error creating new order :: too many failed authorizations recently

My web server is (include version): Apache 2.4.25

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: on-premise

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
owncloud 10

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Try honing your cert skills on the staging environment first.

1 Like

This rate limit will reset after an hour (and then your subsequent attempts will give a more specific error message if they fail).

Thanks that’s good advice on both accounts

OK so the error I get is:

ValueError: Challenge did not pass for owncloud.cfts.co: {u’status’: u’invalid’, u’challenges’: [{u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://owncloud.cfts.co/.well-known/acme-challenge/uGSNdyG125ILGc5esJUfrwxFRXfTTiPCFv7zdySuwvQ’, u’hostname’: u’owncloud.cfts.co’, u’addressUsed’: u’41.190.132.252’, u’port’: u’80’, u’addressesResolved’: [u’41.190.132.252’]}], u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/815122557/CnqZ4g’, u’token’: u’uGSNdyG125ILGc5esJUfrwxFRXfTTiPCFv7zdySuwvQ’, u’error’: {u’status’: 400, u’type’: u’urn:ietf:params:acme:error:connection’, u’detail’: u’Fetching http://owncloud.cfts.co/.well-known/acme-challenge/uGSNdyG125ILGc5esJUfrwxFRXfTTiPCFv7zdySuwvQ: Timeout during connect (likely firewall problem)’}, u’type’: u’http-01’}, {u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/815122557/7JgMSA’, u’token’: u’uGSNdyG125ILGc5esJUfrwxFRXfTTiPCFv7zdySuwvQ’, u’type’: u’dns-01’}, {u’status’: u’invalid’, u’url’: u’https://acme-v02.api.letsencrypt.org/acme/chall-v3/815122557/PNuNxQ’, u’token’: u’uGSNdyG125ILGc5esJUfrwxFRXfTTiPCFv7zdySuwvQ’, u’type’: u’tls-alpn-01’}], u’identifier’: {u’type’: u’dns’, u’value’: u’owncloud.cfts.co’}, u’expires’: u’2019-10-24T06:37:39Z’}

Not sure what to make of it I have port 80 and 443 open for now

OK I may have found the issue. Looks like Diaban (stretch) does not support python-virtualenv, and seems no way I can find (keep in mind that im unfamiliar with diaban) to make it support.

Seems owncloud lets encrypt cannot be used with the current version of owncloud as when
certbot-auto is run I get the following:

Package python-virtualenv is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'python-virtualenv' has no installation candidate

apt-get update does not solve the issue and when apt-cache search python-virtualenv a null result is returned.

Whether or not you can fix your Python package issues, I think this issue is still outstanding.

I cannot connect on 80 to owncloud.cfts.co. But I can find other hosts in your /24 that have 80 open.

So it seems like a potential firewalling or port forwarding issue.

Edit: scanned the wrong IP range -_-

1 Like

seems my issues maybe with the owncloud VM, I will do a fresh VM using centos im really not very familiar with Debian, and it seems the documentation for owncloud is also not aimed at Debian.

edit @_az you were right about port 80 I forgot we have 2 firewalls edge and internal, my bad I forgot the internal one, I really feel silly.

However seems the site is still insecure even though the certificate is clearly present.

Before I could connect on 443 but not 80.

Now I can’t connect on either port.

interesting as im connecting fine from outside, just to be clear the url is: https://owncloud.cfts.co

Looks like it was just temporary (or you did something). I can see both ports now - so Let’s Encrypt should be able to perform HTTP validation now.

Your certificate looks fine. What did you mean by:

Is it possible you are talking about a mixed content warning? (Though I can’t see such a warning myself).

Hi @peter2cfu

there is no redirect http -> https.

Domainname Http-Status redirect Sec. G
http://owncloud.cfts.co/ 41.190.132.252 302 http://owncloud.cfts.co/univention/ Html is minified: 100,00 % 0.374 D
http://owncloud.cfts.co/univention/ 302 http://owncloud.cfts.co/univention/portal/ Html is minified: 100,00 % 0.384 D
http://owncloud.cfts.co/univention/portal/ GZip used - 798 / 2082 - 61,67 % 200 Html is minified: 140,68 % 0.377 H

So a new user starts with http -> and uses http.

The certificate is good:

CN=owncloud.cfts.co
	17.10.2019
	15.01.2020
expires in 90 days	owncloud.cfts.co - 1 entry

Two are created.

I’m guessing just timings and thanks for the heads up on redirect I need to do that anyway,

as to the insecure warnings, i don’t get it on Android but do on my PC using chrome.

Add https in the url. That may be the missing redirect.

not sure seems the redirect is not working, I’m guessing I done something wrong here: I made a .httacess file in the /var/www directory

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

Have I the correct location, from what I see it looks likes the right place

Just for completeness:

  1. main issue was the firewall, both port 80 and 443 needed to be exposed to the outside world.in order for ‘lets’ encrypt to do its thing.

note: hon your cert skills on the staging environment first! avoid all the delays.

  1. in order to get http to https redirect working correctly, I created a .httacess file in the /var/www directory (root of my owncloud installation)

     ##### HTTP to HTTPS redirection
     ## Since you have enabled HSTS the first redirection rule will instruct the browser to visit the HTTPS version of your
     ## site, this prevents unsafe redirections through HTTP.
     RewriteCond %{HTTPS} !=on [OR]
     RewriteCond %{HTTP:X-Forwarded-Proto} =http
     RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
     ## HSTS Header - See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
     <IfModule mod_headers.c>
     Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
     </IfModule>
    

after that, all worked a treat! thank you all :slight_smile:

Thank you very informative

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.