Any new certificate I attempt to generate is rate limited with my domain. I know it's not an IP rate limit, as I try with my other domains and it works fine. It's supposed to generate the certificate correctly, as I have the same code running, one for development and one for production. The production one works, and I have tried using multiple programs and none of them will generate a certificate.
The error I am getting:
"time="2023-08-28T18:02:41Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" providerName=production.acme routerName=api-dev@docker rule="Host(api-dev.notibot.app)"
I see there is Traefik involved.
And that no cert has ever been issued for that FQDN.
You should answer all the questions that were posed when you opened this help topic.
As well as providing any other relevant information.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
time="2023-08-28T18:26:27Z" level=error msg="Cannot retrieve the ACME challenge for token Test_File-1234: cannot find challenge for token Test_File-1234" providerName=acme
time="2023-08-28T19:07:43Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: error: one or more domains had a problem:\n[api-dev.notibot.app] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" providerName=production.acme routerName=api-dev@docker rule="Host(api-dev.notibot.app)"
time="2023-08-28T19:07:50Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: error: one or more domains had a problem:\n[api-dev.notibot.app] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" routerName=api-dev@docker rule="Host(api-dev.notibot.app)" providerName=production.acme
time="2023-08-28T19:07:54Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: error: one or more domains had a problem:\n[api-dev.notibot.app] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" providerName=production.acme routerName=api-dev@docker rule="Host(api-dev.notibot.app)"
time="2023-08-28T19:08:01Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: error: one or more domains had a problem:\n[api-dev.notibot.app] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" rule="Host(api-dev.notibot.app)" providerName=production.acme routerName=api-dev@docker
time="2023-08-28T19:08:07Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: error: one or more domains had a problem:\n[api-dev.notibot.app] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge\n" providerName=production.acme routerName=api-dev@docker rule="Host(api-dev.notibot.app)"
time="2023-08-28T19:08:10Z" level=error msg="Unable to obtain ACME certificate for domains "api-dev.notibot.app": unable to generate a certificate for the domains [api-dev.notibot.app]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt" providerName=production.acme routerName=api-dev@docker rule="Host(api-dev.notibot.app)"
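Added example (not part of the original thread): a Python triage of Traefik ACME log lines like those above, checking whether each `rateLimited` response is preceded in the log by enough failed validations to explain it. The sample lines are constructed and abbreviated from the thread's log format, and the threshold of 5 failures per hostname per hour is an assumption taken from Let's Encrypt's Failed Validation Limit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TIME_RE = re.compile(r'time="([^"]+)"')
DOMAINS_RE = re.compile(r'for the domains \[([^\]]+)\]')
ERROR_RE = re.compile(r'urn:ietf:params:acme:error:(\w+)')
# Assumption: Let's Encrypt's Failed Validation Limit, 5 per hostname per hour.
LIMIT, WINDOW = 5, timedelta(hours=1)
VALIDATION_ERRORS = {"unauthorized", "connection", "dns", "tls"}

def make_line(ts, status, err):
    # Constructed sample line, abbreviated from the log format in this thread.
    return (f'time="{ts}" level=error msg="Unable to obtain ACME certificate: '
            'unable to generate a certificate for the domains [api-dev.notibot.app]: '
            f'acme: error: {status} :: urn:ietf:params:acme:error:{err}" '
            'providerName=production.acme')

FAILS = ["19:07:43", "19:07:50", "19:07:54", "19:08:01", "19:08:07"]
SAMPLE = ([make_line("2023-08-28T18:02:41Z", 429, "rateLimited")]
          + [make_line(f"2023-08-28T{t}Z", 403, "unauthorized") for t in FAILS]
          + [make_line("2023-08-28T19:08:10Z", 429, "rateLimited")])

def parse(lines):
    """Return sorted (timestamp, domain, acme_error) tuples; skip non-ACME lines."""
    events = []
    for line in lines:
        t, d, e = TIME_RE.search(line), DOMAINS_RE.search(line), ERROR_RE.search(line)
        if t and d and e:
            ts = datetime.strptime(t.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events += [(ts, dom, e.group(1)) for dom in d.group(1).split()]
    return sorted(events)

def triage(events):
    """For each rateLimited event, count validation failures logged in the prior hour."""
    failures, findings = defaultdict(list), []
    for ts, dom, err in events:
        if err in VALIDATION_ERRORS:
            failures[dom].append(ts)
        elif err == "rateLimited":
            recent = [f for f in failures[dom] if ts - f <= WINDOW]
            cause = ("explained by logged failures" if len(recent) >= LIMIT
                     else "failures predate this log excerpt")
            findings.append((dom, ts.isoformat(), len(recent), cause))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```

A 429 with fewer than five logged failures before it means the failed validations happened earlier than the excerpt, so the validation errors to fix are in older log lines.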
In addition to the questions in the form @rg305 showed, would you please explain how your Traefik, Docker, and Cloudflare are configured together? You have your domain name proxied at Cloudflare so are using their CDN and this is important.
Because if api-dev.notibot.app is your real domain, some odd results occur (IPv4 shown but IPv6 is the same)
Normal redirect by Cloudflare from HTTP to HTTPS
curl -i4 api-dev.notibot.app
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Aug 2023 20:04:55 GMT
Location: https://api-dev.notibot.app/
Server: cloudflare
Following the redirect gets an HTTP error 526 from Cloudflare - bad cert.
Not necessarily wrong at this stage but you could use Cloudflare Origin CA cert during setup or even beyond depending on your needs.
curl -i4 https://api-dev.notibot.app
HTTP/2 526
server: cloudflare
The expected 404 response, except that it took over 30 seconds!
Something is very wrong to take that long for a 404.
curl -i4 api-dev.notibot.app/.well-known/acme-challenge/Forum2TestABC
HTTP/1.1 404 Not Found
Server: cloudflare