SSL 429 something error!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hacksleak.in

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: digitalocean.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

We have our own VMware server with Discourse forum software, but we moved to DigitalOcean; when we rebuild launcher we are getting the error below in the logs.

Fix your DNS records--this IP doesn't belong to a DigitalOcean droplet.

When it's pointed to the Droplet IP, it was giving an error like [ACME error: 429 Too Many Requests]

We didn't get a solution, so we went with the previous server IP only.

Actually the matter is: we have a server with the Discourse forum installed with this IP: 122.169.118.87,
but at night we tried to deploy on a DigitalOcean droplet. Everything went OK, but when we accessed the domain via browser it refused to connect, so we checked the error logs.

ACME error: 429

Domain is https://hacksleak.in

Hi @rahulmasal,

Error 429 is returned by the Let's Encrypt certificate authority server at the HTTP layer for any kind of rate limiting condition. However, there are many different rate limits and 429 is used for all of them.

There should be additional accompanying text indicating the exact rate limit that was reached; can you check for that exact text in your software?

If the rate limit is there, then how to obtain a new one or how to restore the existing one?

The point is that it depends on which rate limit it is. There are several of them, and the reason for each (and what you might have to do in response) is different!

./launcher logs app
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Sun 16 May 2021 03:22:27 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 16 May 2021 03:22:27 AM UTC] Single domain='hacksleak.in'
[Sun 16 May 2021 03:22:27 AM UTC] Getting domain auth token for each domain
[Sun 16 May 2021 03:22:30 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
"status": 429
}
[Sun 16 May 2021 03:22:30 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Error loading file ca.cer
[Sun 16 May 2021 03:22:32 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 16 May 2021 03:22:32 AM UTC] Single domain='hacksleak.in'
[Sun 16 May 2021 03:22:32 AM UTC] Getting domain auth token for each domain
[Sun 16 May 2021 03:22:35 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
"status": 429
}
[Sun 16 May 2021 03:22:35 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Sun 16 May 2021 03:22:35 AM UTC] Installing key to:/shared/ssl/hacksleak.in.key
[Sun 16 May 2021 03:22:35 AM UTC] Installing full chain to:/shared/ssl/hacksleak.in.cer
cat: /shared/letsencrypt/hacksleak.in/fullchain.cer: No such file or directory
[Sun 16 May 2021 03:22:37 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 16 May 2021 03:22:37 AM UTC] Single domain='hacksleak.in'
[Sun 16 May 2021 03:22:37 AM UTC] Getting domain auth token for each domain
[Sun 16 May 2021 03:22:40 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
"status": 429
}
[Sun 16 May 2021 03:22:40 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Error loading file ca.cer
[Sun 16 May 2021 03:22:41 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 16 May 2021 03:22:41 AM UTC] Single domain='hacksleak.in'
[Sun 16 May 2021 03:22:41 AM UTC] Getting domain auth token for each domain
[Sun 16 May 2021 03:22:44 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt",
"status": 429
}
[Sun 16 May 2021 03:22:44 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Sun 16 May 2021 03:22:44 AM UTC] Installing key to:/shared/ssl/hacksleak.in_ecc.key
[Sun 16 May 2021 03:22:44 AM UTC] Installing full chain to:/shared/ssl/hacksleak.in_ecc.cer
cat: /shared/letsencrypt/hacksleak.in_ecc/fullchain.cer: No such file or directory
Error loading file ca.cer
Error loading file ca.cer
Started runsvdir, PID is 2169
ok: run: redis: (pid 2179) 0s
chgrp: invalid group: ‘syslog’
ok: run: postgres: (pid 2181) 0s
nginx: [emerg] cannot load certificate "/shared/ssl/hacksleak.in.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
supervisor pid: 2176 unicorn pid: 2205
nginx: [emerg] cannot load certificate "/shared/ssl/hacksleak.in.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/shared/ssl/hacksleak.in.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/shared/ssl/hacksleak.in.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Thanks! So, that shows that you keep trying this process and it keeps failing so frequently that the certificate authority has decided not to let you continue trying.

From the close-together timestamps on these log entries, it does look like whatever software you're using is retrying very quickly. Unfortunately, that prevents us from seeing (from these log entries) what the underlying problem is, that is, why the requests fail during the short period of time each hour when the certificate authority would allow you to try the request again.

Perhaps you could look in the suggested log file to see if it has some entries that give a different error (they would be a minority of entries because the majority of attempts would be blocked by this rate limit, but once per hour there would be some permitted attempts that failed for a different, more substantive reason).

Alternatively, can you make this software retry the request much less frequently? If you could do so, these error messages would all refer to the real reason that the certificate request failed.


Please tell me the solution to this... due to this my website migration is stuck!

Can you try one of the things that I mentioned before?

There is some underlying reason that the request is failing, but the software is retrying so quickly that the useful, relevant error messages quickly get hidden by rate limit errors.
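The log triage suggested in the replies above, as an added example that is not part of the original thread: it groups ACME error entries by type so the few non-rateLimited failures stand out, and reports how closely the attempts are spaced. It assumes /shared/letsencrypt/acme.sh.log uses the same timestamp and JSON error layout as the launcher output quoted earlier; `parse_errors`, `triage` and the last sample entry are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the page's log format; the last entry is invented.
SAMPLE_LOG = """\
[Sun 16 May 2021 03:22:30 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently",
}
[Sun 16 May 2021 03:22:35 AM UTC] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently",
}
[Sun 16 May 2021 04:25:02 AM UTC] Constructed entry: a permitted attempt that failed {
"type": "urn:ietf:params:acme:error:connection",
"detail": "constructed placeholder detail",
}
"""

TS_RE = re.compile(r"^\[\w{3} (\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} [AP]M) UTC\]")
TYPE_RE = re.compile(r'"type":\s*"urn:ietf:params:acme:error:(\w+)"')
DETAIL_RE = re.compile(r'"detail":\s*"(.*)"')

def parse_errors(text):
    """Return [(timestamp, acme_error_type, detail), ...] in log order."""
    errors, stamp = [], None
    for line in text.splitlines():
        if m := TS_RE.match(line):
            stamp = datetime.strptime(m.group(1), "%d %b %Y %I:%M:%S %p")
        elif m := TYPE_RE.search(line):
            errors.append([stamp, m.group(1), ""])
        elif (m := DETAIL_RE.search(line)) and errors:
            errors[-1][2] = m.group(1)
    return [tuple(e) for e in errors]

def triage(text):
    """Count errors by type, measure retry spacing, surface non-429 causes."""
    errors = parse_errors(text)
    times = [t for t, _, _ in errors if t is not None]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "counts": dict(Counter(kind for _, kind, _ in errors)),
        "min_gap_seconds": min(gaps) if gaps else None,
        "underlying": [e for e in errors if e[1] != "rateLimited"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

To use it on a real server, pass the contents of the log file to `triage` instead of `SAMPLE_LOG`; a very small `min_gap_seconds` confirms the fast retry loop, and `underlying` holds the entries worth reading.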
