[SOLVED] Can you please make an additional output in case of errors that there is a rate limit?

Hello,

I had tried to generate a new SSL certificate for my new web server.
I used
certbot --apache

root@bodi:~# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: b4x.os-plus.org


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for b4x.os-plus.org
Performing the following challenges:
http-01 challenge for b4x.os-plus.org
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain b4x.os-plus.org
http-01 challenge for b4x.os-plus.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I tried it several times until I recognized that I still had an issue with my firewall configuration.

When I updated my firewall configuration I got a different output.

root@bodi:~# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: b4x.os-plus.org


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for b4x.os-plus.org
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt
Please see the logfiles in /var/log/letsencrypt for more details.

This is extremely frustrating if you do not know that there is a rate limit.

Please update the output in case of errors that there is a rate limit and the actual limit.
Now I have to wait one week until I can try it again.

Best regards

-Christian

How would you suppose the ACME server output would have tackled that? Warn people in errors that there is a chance of hitting rate limits while that limit hasn't been reached yet?

May I suggest users of the Let's Encrypt service to read the documentation? If users actually read the documentation, they would have learned:

  1. about rate limits in general;
  2. about the existence of the staging environment where testing should be done in the first place, so users won't run into rate limits until the setup actually works;
  3. and that the "too many failed authorizations recently" rate limit does not have a sliding window of seven days, but just one hour.
3 Likes
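The stage-first workflow that reply recommends, sketched as an added example (not code from Certbot, Let's Encrypt, or the posters). The function names `classify_certbot_output` and `issue_cert` and the `CERTBOT` override variable are hypothetical; the matched strings are taken from the output quoted in the first post.

```sh
#!/bin/sh
# Added example: try issuance against staging first, then production.
# Usage (after sourcing this file): issue_cert b4x.os-plus.org

# Read certbot output on stdin and print one of:
#   rate_limited | challenge_failed | ok
classify_certbot_output() {
    out=$(cat)
    case "$out" in
        *"too many failed authorizations recently"*|*"too many requests of a given type"*)
            echo rate_limited ;;
        *"Challenge failed for domain"*|*"Some challenges have failed"*)
            echo challenge_failed ;;
        *)
            echo ok ;;
    esac
}

# Run a dry run first; request the real certificate only if it passes.
# CERTBOT is an assumed override hook so the wrapper can be tested offline.
issue_cert() {
    domain=$1
    certbot=${CERTBOT:-certbot}
    # --dry-run validates against the staging server and saves no certificate,
    # so failed attempts here do not count against production rate limits.
    staged=$("$certbot" certonly --apache --dry-run -d "$domain" 2>&1) && rc=0 || rc=$?
    verdict=$(printf '%s\n' "$staged" | classify_certbot_output)
    if [ "$rc" -ne 0 ] || [ "$verdict" != ok ]; then
        printf '%s\n' "$staged" >&2
        case "$verdict" in
            rate_limited)
                echo "Rate limit reached: stop retrying and wait for the window to pass." >&2 ;;
            *)
                echo "Staging validation failed: fix the setup (e.g. firewall) before retrying." >&2 ;;
        esac
        return 1
    fi
    # Staging validation passed: now request the production certificate.
    "$certbot" --apache -d "$domain"
}
```
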

Thank you for your information.

I had read this short documentation.

I will check the staging environment.

1 Like

Those are the documentation for the ACME client called Certbot. Certbot is currently being developed by the EFF, not by Let's Encrypt. So you really should see those two elements, the client Certbot and the CA Let's Encrypt, as two separate things, including the documentation.

Certbot itself, by the way, does warn about rate limits when the user re-issues a certificate if there already is a perfectly fine certificate known to Certbot.

3 Likes
