[solved][beta] rate limit error first time running letsencrypt-auto


#1

When running the letsencrypt-auto command for the first time I got a rate limit error. I’m not sure why that is; no one else has access to that server and I’ve never used Lets Encrypt before. It’s hosted at Digital Ocean and has public IPv4 and IPv6 addresses.

I ran the following commands:

  git clone https://github.com/letsencrypt/letsencrypt
  cd letsencrypt
  ./letsencrypt-auto --agree-dev-preview --server \
      https://acme-v01.api.letsencrypt.org/directory certonly

Here’s the log file:

2015-11-04 14:37:06,367:DEBUG:letsencrypt.cli:Root logging level set at 30
2015-11-04 14:37:06,370:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2015-11-04 14:37:06,371:DEBUG:letsencrypt.cli:letsencrypt version: 0.0.0.dev20151104
2015-11-04 14:37:06,371:DEBUG:letsencrypt.cli:Arguments: ['--agree-dev-preview', '--server', 'https://acme-v01.api.letsencrypt.org/directory']
2015-11-04 14:37:06,372:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2015-11-04 14:37:06,379:DEBUG:letsencrypt.cli:Requested authenticator None and installer None
2015-11-04 14:37:06,536:DEBUG:letsencrypt.plugins.disco:No installation (PluginEntryPoint#apache):
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 145, in prepare
    raise errors.NoInstallationError
NoInstallationError
2015-11-04 14:37:06,537:DEBUG:letsencrypt.plugins.disco:Other error:(PluginEntryPoint#webroot): --webroot-path must be set
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/disco.py", line 103, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/plugins/webroot.py", line 89, in prepare
    self.option_name("path")))
PluginError: --webroot-path must be set
2015-11-04 14:37:06,538:DEBUG:letsencrypt.display.ops:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = letsencrypt.plugins.standalone:Authenticator
Initialized: <letsencrypt.plugins.standalone.Authenticator object at 0x7f974af04790>
Prep: True
2015-11-04 14:37:06,539:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt.plugins.standalone.Authenticator object at 0x7f974af04790> and installer None
2015-11-04 14:37:39,648:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-11-04 14:37:39,664:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-04 14:37:40,311:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 263
2015-11-04 14:37:40,314:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '263', 'Expires': 'Wed, 04 Nov 2015 14:37:40 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 04 Nov 2015 14:37:40 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': 'UDRxdDZ-4a8pOYyp15Kcpo-flEoQYWSy72NFS9gBiuY'}. Content: '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-04 14:37:40,315:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '263', 'Expires': 'Wed, 04 Nov 2015 14:37:40 GMT', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 04 Nov 2015 14:37:40 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*', 'Replay-Nonce': 'UDRxdDZ-4a8pOYyp15Kcpo-flEoQYWSy72NFS9gBiuY'}): '{"new-authz":"https://acme-v01.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-v01.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-v01.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-v01.api.letsencrypt.org/acme/revoke-cert"}'
2015-11-04 14:37:40,315:DEBUG:root:Requesting fresh nonce
2015-11-04 14:37:40,316:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {}
2015-11-04 14:37:40,317:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-04 14:37:40,863:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-reg HTTP/1.1" 405 0
2015-11-04 14:37:40,866:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '0', 'Pragma': 'no-cache', 'Expires': 'Wed, 04 Nov 2015 14:37:41 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 04 Nov 2015 14:37:41 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': '1dcrLuCsH3S4Ko_ow9Xgx8El76WgwV1hpz4oqlX9b40'}. Content: ''
2015-11-04 14:37:40,867:DEBUG:acme.client:Storing nonce: '\xd5\xd7+.\xe0\xac\x1ft\xb8*\x8f\xe8\xc3\xd5\xe0\xc7\xc1%\xef\xa5\xa0\xc1]a\xa7>(\xaaU\xfdo\x8d'
2015-11-04 14:37:40,869:DEBUG:acme.jose.json_util:Omitted empty fields: agreement=None, certificates=None, authorizations=None, key=None
2015-11-04 14:37:40,869:DEBUG:acme.client:Serialized JSON: {"contact": ["mailto:linuxgeek@gmail.com"], "resource": "new-reg"}
2015-11-04 14:37:40,871:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, alg=None, jku=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None, jwk=None
2015-11-04 14:37:40,877:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None
2015-11-04 14:37:40,877:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "yDMM7mhYN-pDXSwbyLsLcTVUO0imrCwKU4Fyfnns7diM4uFkIOchZ2iAkw3UOzBflAwKARXfs1rDkm8OMO_xLiuDPQRJQRbDlfkLck7uSVdwUEF4ukxZdR90PAupR9fjVLc0R7EpmZtPTrRpms0TVBn80G9PNfrjoKWxiEQA9wxt7a3ErRmgkxTkHrSfpYvnJZYCX6PtpqNy218rxOx4N2T3mNpPrK5QANAK0VxvEjTsZND5ZIloVEjUr1TfOnTmf7S8XSnYPrvoixeU2vfG9DMqFsax-cQI0Zb3LCaLf9gNrg86exmuoyabH8fkvEWCJEQPc0Wv0q-7wvBMs4WK8w"}}, "protected": "eyJub25jZSI6ICIxZGNyTHVDc0gzUzRLb19vdzlYZ3g4RWw3Nldnd1YxaHB6NG9xbFg5YjQwIn0", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86bGludXhnZWVrQGdtYWlsLmNvbSJdLCAicmVzb3VyY2UiOiAibmV3LXJlZyJ9", "signature": "TcC8ItmzPfxbkCQPnwHm30hz5gE5O6VhE2CkhWxfntMhfEUCFu65ptuFU1CMcDlXlhoydqvLr6vruHEqxL2zEisfBoqglPR5nu4B7sQtAYDfGyMw5jJEjLoRyIzTwC7nNlB9gHmlIiPeVC8igJ-9UMPQzjtrORRajM8cVqvxKHqAlWBx4_7k7iZU3mK29hsCXef5weQ0FUgcmSnwZ6W2HtTmVmEeUC7SNfBkOhoHWdjjfMDHBiPSw_ARBV_qVR6zGsj-Vcg2FF8NpDvtQMJPidyqvBrriySsL2i80wwA_bYFcnQiLXUoARM-J_vFY8h_xJoVQq6a8g3Mw5uF8aD4gA"}'}
2015-11-04 14:37:40,879:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2015-11-04 14:37:41,391:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-reg HTTP/1.1" 429 119
2015-11-04 14:37:41,394:DEBUG:root:Received <Response [429]>. Headers: {'Content-Length': '119', 'Expires': 'Wed, 04 Nov 2015 14:37:42 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 04 Nov 2015 14:37:42 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'yj9YWCA6QplkZ6sZmhLqQ86IXk29RVSzFBKlsAG0PJc'}. Content: '{"type":"urn:acme:error:rateLimited","detail":"Error creating new registration :: Too many registrations from this IP"}'
2015-11-04 14:37:41,395:DEBUG:acme.client:Storing nonce: '\xca?XX :B\x99dg\xab\x19\x9a\x12\xeaC\xce\x88^M\xbdET\xb3\x14\x12\xa5\xb0\x01\xb4<\x97'
2015-11-04 14:37:41,396:DEBUG:acme.client:Received response <Response [429]> (headers: {'Content-Length': '119', 'Expires': 'Wed, 04 Nov 2015 14:37:42 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Wed, 04 Nov 2015 14:37:42 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'yj9YWCA6QplkZ6sZmhLqQ86IXk29RVSzFBKlsAG0PJc'}): '{"type":"urn:acme:error:rateLimited","detail":"Error creating new registration :: Too many registrations from this IP"}'
2015-11-04 14:37:41,399:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1138, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 479, in obtaincert
    le_client = _init_le_client(args, config, authenticator, installer)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 174, in _init_le_client
    acc, acme = _determine_account(args, config)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 161, in _determine_account
    config, account_storage, tos_cb=_tos_cb)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 89, in register
    regr = acme.register(messages.NewRegistration.from_data(email=config.email))
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 97, in register
    response = self.net.post(self.directory[new_reg], new_reg)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 624, in post
    return self._check_response(response, content_type=content_type)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 542, in _check_response
    raise messages.Error.from_json(jobj)
Error: rateLimited :: There were too many requests of a given type :: Error creating new registration :: Too many registrations from this IP


#2

Solved it by disabling the IPv6 address on the interface.


#3

I’m at Linode and got the same problem with the rate limit per IP. The server the LE client tries to connect with has an IPv6 address so that protocol is (naturally) chosen. When checking the IP of the requester, the API probably bases the limit on a much broader range than the Linode costumer is allocated. Therefore, if other Linode costumers get their 10 certificates before I do at any given day (before launch), I’m screwed. Unless I disable the IPv6 interface on my virtual host or some other way force an IPv4 connection.


#4

Well that’s frustrating as all hell. Disabling IPv6 is hardly a “solution” and more of a workaround. I’m also getting this on my OVH machine with a single IPv6 address, fwiw.