Production error 503 on renewal attempts

After several years of flawless operation I can no longer renew certificates
Using Nethserver with letsencrypt.
error log:

2023-03-02 08:48:14,724:DEBUG:urllib3.connectionpool:"POST /acme/new-acct HTTP/1.1" 503 90
2023-03-02 08:48:14,725:DEBUG:acme.client:Received response:
HTTP 503
content-length: 90
server: nginx
retry-after: 14
connection: keep-alive
cache-control: private
date: Thu, 02 Mar 2023 16:48:14 GMT
content-type: application/problem+json

{"type": "urn:ietf:params:acme:error:rateLimited", "detail": "Service busy; retry later."}
2023-03-02 08:48:14,726:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1277, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 652, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 570, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 175, in register
    regr = perform_registration(acme, config, tos_cb)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 217, in perform_registration
    return acme.new_account_and_tos(newreg, tos_cb)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 861, in new_account_and_tos
    return self.client.new_account(regr)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 603, in new_account
    response = self._post(self.directory['newAccount'], new_account)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 97, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1201, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1214, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1072, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Service busy; retry later.
2023-03-02 08:48:14,730:ERROR:certbot._internal.log:An unexpected error occurred:
2023-03-02 08:48:14,731:ERROR:certbot._internal.log:There were too many requests of a given type :: Service busy; retry later.
[root@sparky ~]#

Service status shows degradation on the staging environment but it's been doing this for a while on production.. I have 6 days left in my certificates.

Are you sure? Production should be unaffected. Please post the entire log file.

I can confirm that production is working fine for me.

I got this error using --dry run on the cerbot renew command, however, as you mentioned it went away on production, i.e. certbot renew without --dry-run (which obviously uses the staging environment).

OK this is really strange.. the web interface of Nethserver shows errors and references the letsencrypt logfile which I copied part of.. I took a closer look and it actually is the staging environment throwing that error. I manually renewed using the cli and it worked fine. I guess nethserver web interface attempts the staging environment first to prevent errors on the production side..

My apologies for not reading more of the logs!!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.