There were too many requests of a given type: Failed Validation Limit

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hrmis.penroiloilo.com.ph

I ran this command: sudo cerbot --apache

It produced this output:

An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2023-03-08T17:34:33

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is: Local Server

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):Server version: Apache/2.4.29 (Ubuntu)
Server built: 2023-03-08T17:34:33

Log Error:
2024-09-05 17:59:04,793:DEBUG:certbot.main:certbot version: 0.27.0
2024-09-05 17:59:04,794:DEBUG:certbot.main:Arguments: ['--apache']
2024-09-05 17:59:04,794:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-09-05 17:59:04,810:DEBUG:certbot.log:Root logging level set at 20
2024-09-05 17:59:04,810:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2024-09-05 17:59:04,811:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2024-09-05 17:59:04,886:DEBUG:certbot_apache.configurator:Apache version is 2.4.29
2024-09-05 17:59:05,076:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f0a97e85668>
Prep: True
2024-09-05 17:59:05,078:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_debian.DebianConfigurator object at 0x7f0a97e85668> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f0a97e85668>
2024-09-05 17:59:05,078:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-09-05 17:59:05,081:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1768454457', new_authzr_uri=None, terms_of_service=None), f356160bd59dd11831a592a7f3b837dd, Meta(creation_dt=datetime.datetime(2024, 6, 7, 4, 30, 6, tzinfo=<UTC>), creation_host='localhost.localdomain'))>
2024-09-05 17:59:05,082:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-09-05 17:59:05,083:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2024-09-05 17:59:05,752:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 746
2024-09-05 17:59:05,753:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Sep 2024 09:59:05 GMT
Content-Type: application/json
Content-Length: 746
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "dHac-1zblKY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-09-05 17:59:15,740:INFO:certbot.main:Obtaining a new certificate
2024-09-05 17:59:15,878:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0075_key-certbot.pem
2024-09-05 17:59:15,880:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0075_csr-certbot.pem
2024-09-05 17:59:15,881:DEBUG:acme.client:Requesting fresh nonce
2024-09-05 17:59:15,881:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-09-05 17:59:16,085:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-09-05 17:59:16,086:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 05 Sep 2024 09:59:15 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: r6at1aZYeoN8ZrMveEOkL2WS2BiSy6Onx5VyeX-CVFBRbCV4Fqk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-09-05 17:59:16,087:DEBUG:acme.client:Storing nonce: r6at1aZYeoN8ZrMveEOkL2WS2BiSy6Onx5VyeX-CVFBRbCV4Fqk
2024-09-05 17:59:16,088:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "hrmis.penroiloilo.com.ph"\n    },\n    {\n      "type": "dns",\n      "value": "www.hrmis.penroiloilo.com.ph"\n    }\n  ]\n}'
2024-09-05 17:59:16,094:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTc2ODQ1NDQ1NyIsICJub25jZSI6ICJyNmF0MWFaWWVvTjhack12ZUVPa0wyV1MyQmlTeTZPbng1VnllWC1DVkZCUmJDVjRGcWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "aOYHuOvJkPAmB1qthMFWhGFgkfJQrPoNASY9a8-V5qu_jyoGmFgTwfoPvyMSiQS6ldMcywQ7P73OUPylr4_BFnOZN_FEXrnOXlBhVbqIEx0obNGyVLwkndvKn3F4fQctJyF_L_omBzpWZQ1_vxVq3IhweiJkHQ5O80_hupTlnApefB0bq3O-I8tVQkalGeCg6nfSC79gKKvrUfU0K05k8DCEGgUf5R7E2fqmUBXcPMIT89tMq_NpI7NNxrLd_-silG3L71I7B7SLWw4nsbNunMLmN2uz8_wJuZs49302GSfJ8OsK5xo0Y1xPCbRUiSawO44MiZogXRPMxsULQC5oSw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImhybWlzLnBlbnJvaWxvaWxvLmNvbS5waCIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ3d3cuaHJtaXMucGVucm9pbG9pbG8uY29tLnBoIgogICAgfQogIF0KfQ"
}
2024-09-05 17:59:16,329:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 213
2024-09-05 17:59:16,330:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Thu, 05 Sep 2024 09:59:16 GMT
Content-Type: application/problem+json
Content-Length: 213
Connection: keep-alive
Boulder-Requester: 1768454457
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: tCF_ahtpEC3RwRDJJ6C-QWeScB2k6D7-BVtUwlC_2JO0RM6cBjg

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
  "status": 429
}
2024-09-05 17:59:16,331:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1124, in run
    certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 366, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 889, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 672, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 96, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1204, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1218, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1073, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/
2024-09-05 17:59:16,334:ERROR:certbot.log:An unexpected error occurred:
2024-09-05 17:59:16,334:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

Can you guys help me out on my issue.
I cant renew my ssl

Thanks!

1 Like

When renewing, you probably should use the sudo certbot renew command.

When at first renewal does not succeed, please use the staging environment for testing, using sudo certbot renew --dry-run`.

Once the dry-run works (i.e.: you fixed whatever was causing renewal to fail earlier), you can remove that option to renew using a production cert.

3 Likes

Thanks but I have another error right now.

I find that when dealing with Apache it is always best to start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

1 Like