Rate limit with 3 previous ca not backup

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

here is the domain we have and ca already exist.

I have installed discourse over a digital ocean server several days ago, and these two days many reinstallation tries´╝łtry to separate standalone into 2 or 3 container´╝ë.
question is I have not save the first issue ca over my server ´╝łremove the whole discourse directory when debug the new installation´╝ë

right now i hit the rate limit .what do I do where can I manually download the previous ca´╝ł.key and .car ´╝ëfile or I must wait for few days?

root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# ls -l /var/discourse/shared/standalone/ssl 
total 8
-rw-r--r-- 1 root root    0 Dec 26 12:39 bbs.antivte.com.cer
-rw------- 1 root root 3243 Dec 26 12:39 bbs.antivte.com.key
-rw-r--r-- 1 root root    0 Dec 26 12:40 bbs.antivte.com_ecc.cer
-rw------- 1 root root  302 Dec 26 12:40 bbs.antivte.com_ecc.key
root@docker-s-1vcpu-2gb-sgp1-01:/var/discourse# ./launcher enter app
root@docker-s-1vcpu-2gb-sgp1-01-app:/var/www/discourse# sv stop nginx
ok: down: nginx: 0s, normally up, want up
root@docker-s-1vcpu-2gb-sgp1-01-app:/var/www/discourse# /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
root@docker-s-1vcpu-2gb-sgp1-01-app:/var/www/discourse# LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d bbs.antivte.com -k 4096 -w /var/www/discourse/public
[Thu 26 Dec 2019 05:19:13 AM UTC] Lets find script dir.
[Thu 26 Dec 2019 05:19:13 AM UTC] _SCRIPT_='/shared/letsencrypt/acme.sh'
[Thu 26 Dec 2019 05:19:13 AM UTC] _script='/shared/letsencrypt/acme.sh'
[Thu 26 Dec 2019 05:19:13 AM UTC] _script_home='/shared/letsencrypt'
[Thu 26 Dec 2019 05:19:13 AM UTC] Using config home:/shared/letsencrypt
https://github.com/Neilpang/acme.sh
v2.8.4
[Thu 26 Dec 2019 05:19:13 AM UTC] Running cmd: issue
[Thu 26 Dec 2019 05:19:13 AM UTC] _main_domain='bbs.antivte.com'
[Thu 26 Dec 2019 05:19:13 AM UTC] _alt_domains='no'
[Thu 26 Dec 2019 05:19:13 AM UTC] Using config home:/shared/letsencrypt
[Thu 26 Dec 2019 05:19:13 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu 26 Dec 2019 05:19:13 AM UTC] DOMAIN_PATH='/shared/letsencrypt/bbs.antivte.com'
[Thu 26 Dec 2019 05:19:13 AM UTC] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu 26 Dec 2019 05:19:13 AM UTC] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu 26 Dec 2019 05:19:13 AM UTC] GET
[Thu 26 Dec 2019 05:19:13 AM UTC] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu 26 Dec 2019 05:19:13 AM UTC] timeout=
[Thu 26 Dec 2019 05:19:13 AM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Thu 26 Dec 2019 05:19:14 AM UTC] ret='0'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_NEW_AUTHZ
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu 26 Dec 2019 05:19:14 AM UTC] ACME_VERSION='2'
[Thu 26 Dec 2019 05:19:14 AM UTC] Le_NextRenewTime
[Thu 26 Dec 2019 05:19:14 AM UTC] _on_before_issue
[Thu 26 Dec 2019 05:19:14 AM UTC] _chk_main_domain='bbs.antivte.com'
[Thu 26 Dec 2019 05:19:14 AM UTC] _chk_alt_domains
[Thu 26 Dec 2019 05:19:14 AM UTC] Le_LocalAddress
[Thu 26 Dec 2019 05:19:14 AM UTC] d='bbs.antivte.com'
[Thu 26 Dec 2019 05:19:14 AM UTC] Check for domain='bbs.antivte.com'
[Thu 26 Dec 2019 05:19:14 AM UTC] _currentRoot='/var/www/discourse/public'
[Thu 26 Dec 2019 05:19:14 AM UTC] d
[Thu 26 Dec 2019 05:19:14 AM UTC] _saved_account_key_hash is not changed, skip register account.
[Thu 26 Dec 2019 05:19:14 AM UTC] Read key length:4096
[Thu 26 Dec 2019 05:19:14 AM UTC] _createcsr
[Thu 26 Dec 2019 05:19:14 AM UTC] Single domain='bbs.antivte.com'
[Thu 26 Dec 2019 05:19:15 AM UTC] Getting domain auth token for each domain
[Thu 26 Dec 2019 05:19:15 AM UTC] d
[Thu 26 Dec 2019 05:19:15 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 26 Dec 2019 05:19:15 AM UTC] payload='{"identifiers": [{"type":"dns","value":"bbs.antivte.com"}]}'
[Thu 26 Dec 2019 05:19:15 AM UTC] RSA key
[Thu 26 Dec 2019 05:19:15 AM UTC] HEAD
[Thu 26 Dec 2019 05:19:15 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu 26 Dec 2019 05:19:15 AM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Thu 26 Dec 2019 05:19:16 AM UTC] _ret='0'
[Thu 26 Dec 2019 05:19:16 AM UTC] POST
[Thu 26 Dec 2019 05:19:16 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu 26 Dec 2019 05:19:16 AM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Thu 26 Dec 2019 05:19:17 AM UTC] _ret='0'
[Thu 26 Dec 2019 05:19:17 AM UTC] code='429'
[Thu 26 Dec 2019 05:19:17 AM UTC] Le_LinkOrder
[Thu 26 Dec 2019 05:19:17 AM UTC] Le_OrderFinalize
[Thu 26 Dec 2019 05:19:17 AM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Thu 26 Dec 2019 05:19:17 AM UTC] pid
[Thu 26 Dec 2019 05:19:17 AM UTC] No need to restore nginx, skip.
[Thu 26 Dec 2019 05:19:17 AM UTC] _clearupdns
[Thu 26 Dec 2019 05:19:17 AM UTC] dns_entries
[Thu 26 Dec 2019 05:19:17 AM UTC] skip dns.
[Thu 26 Dec 2019 05:19:17 AM UTC] _on_issue_err
[Thu 26 Dec 2019 05:19:17 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Thu 26 Dec 2019 05:19:17 AM UTC] Diagnosis versions: 
openssl:openssl
``
1 Like

Hi @wanghaisheng

if you have hitted the rate limit and if you don't have the private key, you have to wait.

But your setup is wrong. If you use docker, you must save all certificate informations (account key + certificate key) on another - permanent - device. So you can re-use all these files if you destroy your installation.

Use the time with the test system to change that setup.

PS: Reading your output - https://check-your-website.server-daten.de/?q=bbs.antivte.com#ct-logs

There are only two older certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-12-06 2020-03-05 bbs.antivte.com - 1 entries
Let's Encrypt Authority X3 2019-12-06 2020-03-05 bbs.antivte.com - 1 entries

Doesn't look that you have hitted the limit (5 certificates are possible).

Perhaps you have hitted the

There is a Failed Validation limit of 5 failures per account, per hostname, per hour.

limit.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.