Hello, few months ago I have bought hetzner dedicated server, now I want get ssl sertificate for my domain, but when I run certbot I got error:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
Previously I didn't got certificate for this server and domain and I don't think it's related to rate limit.
My server IP is 136.243.21.204.
What cause of this problem and how I can solve it? Thanks.
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for my-domain.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
The dry run was successful.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
./certbot-auto certonly --standalone --email my@email.com -d my-domain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
An unexpected error occurred:
There were too many requests of a given type :: Error creating new registration :: too many registrations for this IP
I have tried the same action for nginx plugin, but the same result.
That is most most strange indeed, I honestly don’t know how to diagnose any further hopefully @schoen can help trace what’s happening on LE’s auth servers to cause that
There were 10 new registrations created by this IP on 17/11/2017 and another 10 new registrations created by this IP on 20/11/17. All 20 of these registrations have the same email address (I won't share that here since you haven't).
I recommend you triple-check that you don't have an ACME client running on your server that is repeatedly creating new registrations.
I also notice that the UA for all 20 requests is "UserAgent":"Go-http-client/1.1 (linux; amd64) xenolf-acme" - that looks like the Lego ACME client. Here you're invoking Certbot, which is a different ACME client.
Did you previously try to set up Lego? Is there a cronjob left laying around that you might have forgotten about?
@cpu Thanks a lot. Yes, previously I try run traefik which try get certificate. So, traefik ten times try get certificate and it’s was unsuccessful and letsencrypt server banned my IP, right?
May I know is it permanent ban? And why requests were unsuccessful?
Thanks a lot again.
Yes, it sounds like traefik is still installed and tries to create registrations many times a day and is using up your registrations rate limit for this IP.