Too many requests of a given type

ffernandomaximo · August 17, 2020, 11:05am

Hi Guys,

I’m getting an error when trying to create a SSL certificate.
Initially it was an unauthorised message, now I’m getting too many requests.

My domain is: www.hipollo.com

I ran this command: sudo certbot --apache

It produced this output:

Unauthorised Error

I followed the directions and created the directory .well-known/acme-challenge/1234 but didnt work.

There were too many requests of a given type

Now, when I’m running the command again I’m getting this error.

The operating system my web server runs on is (include version): Debian 4.9.228-1 (2020-07-05) x86_64

My hosting provider, if applicable, is: GCP

Can you help me please?
Thanks

_az · August 17, 2020, 11:17am

Use --dry-run until you can figure out your authorization issue. Without --dry-run, you only get 5 attempts per hour. With it, you get many more tries.

As for why you are getting an error … your domain is running on an nginx webserver. Why are you using --apache?

ffernandomaximo · August 18, 2020, 12:24am

Thanks for suggestion @_az

However I still getting the Unauthorised error:

Would you know how can I fix that?

Thanks

_az · August 18, 2020, 12:26am

Hi,

Could you please answer my other question:

ffernandomaximo · August 18, 2020, 2:01am

Good point.

I have removed the python-certbot-apache and installed nginx:
sudo apt-get install certbot python-certbot-nginx

And then ran:
sudo certbot --nginx

But even though I got the same message:

_az · August 18, 2020, 2:02am

What’s the IP address of this server?

curl ipinfo.io/ip

ffernandomaximo · August 18, 2020, 2:35am

My external IP address is:
35.201.28.8

_az · August 18, 2020, 2:53am

Does this work?

sudo certbot certonly -d hipollo.com -d www.hipollo.com --standalone --pre-hook "service nginx stop" --post-hook "service nginx restart" --dry-run

Trying to identify whether this is a problem with the Certbot nginx plugin or if something else is going on.

ffernandomaximo · August 18, 2020, 3:06am

Didn't work.

_az · August 18, 2020, 3:23am

How did you install nginx and Rasa X? Is it running in Docker or Kubernetes perhaps? Did you follow a particular set of instructions?

From that screenshot, we can see that even when we tried to stop nginx, your nginx server kept running. So certbot --nginx is probably not an option either.

We need to identify what the appropriate way to secure your application is, and that depends how you have actually deployed your application.

ffernandomaximo · August 18, 2020, 3:32am

I simply used the following command to install Rasa X (https://rasa.com/docs/rasa-x/installation-and-setup/install/quick-install-script/):

curl -s get-rasa-x.rasa.com | sudo bash

Thanks again for your help.

_az · August 18, 2020, 3:36am

Great!

That quick-start starts an embedded Kubernetes cluster on your server using k3s.

So you will most likely need to use one of the Kubernetes-native approaches in order to get SSL certificates working. That’s unfortunate because it means you can’t really use Certbot or anything like that. More likely you will need something like cert-manager.

Let me try run it myself, I’ll see whether there’s a relatively simple approach …

_az · August 18, 2020, 4:18am

OK. I setup Rasa X, using the quick-start instructions, at http://mozart-monday.bnr.la.

By default, it comes with Traefik for its ingress controller and a self-signed certificate, which is no good. As I mentioned earlier, usually people use cert-manager to get SSL going in Kubernetes.

Luckily … the Rasa team has documented how to do it here. It’s not exactly for the faint of heart, but it’s not impossibly hard either. I think as long as you carefully read the instructions and modify the yaml files as described, it should work.

It worked for me, I have SSL now using only those instructions: https://mozart-monday.bnr.la

ffernandomaximo · August 18, 2020, 4:44am

Thanks a lot.

Have created the yml files and edited them, however getting the following error when upgrading helm:

Is there anything wrong in my command?

ffernandomaximo · August 18, 2020, 4:46am

I created the files under my user directory:

_az · August 18, 2020, 4:54am

I think I had that too - try first running helm repo update as the error message suggests.

ffernandomaximo · August 18, 2020, 7:54am

Hey @_az can you let me know which server are you using to run and how did you configure the values.yml file?

I have tried everything but no success.

Thanks

_az · August 18, 2020, 8:31am

.

I’ll go through it once on a completely fresh Ubuntu 20.04 server:

I logged in as root.

I ran:

apt update && apt -y install curl sudo

Then:

curl -s get-rasa-x.rasa.com | sudo bash

Then waited a few minutes for that to finish.

At that point I could access Rasa without SSL at http://www.rasa-test.ga/.

Next up, I ran:

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

Now I begin following the instructions at https://blog.rasa.com/the-complete-guide-to-deploying-your-rasa-assistant/#add-domain-and-ssl.

I ran:

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml

I then created /tmp/letsencrypt-issuer-production.yml with these contents (the only change I made was to the email):

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
  # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: le-rasa@id-rsa.pub
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
        name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
            class: traefik

then I ran:

sudo kubectl apply -f /tmp/letsencrypt-issuer-production.yml

Then I created /tmp/cert-request.yml (I changed commonName and dnsNames, and secretName):

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: letsencrypt-prod
  namespace: rasa
spec:
  secretName: rasa-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: rasa-test.ga
  dnsNames:
  - rasa-test.ga
  - www.rasa-test.ga

then ran:

sudo kubectl apply -f /tmp/cert-request.yml

Then I created /tmp/values.yml (substituting secretName, host and hosts):

ingress:
  annotations:
    ingress.annotations.certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: traefik
  hosts:
    - host: rasa-test.ga
      paths:
      - /
    - host: www.rasa-test.ga
      paths:
      - /
  tls:
   - secretName: rasa-tls
     hosts:
       - rasa-test.ga
       - www.rasa-test.ga

then ran:

helm upgrade --values /tmp/values.yml --namespace rasa --reuse-values rasa rasa-x/rasa-x

and https://rasa-test.ga was working a few seconds later. I’ll keep it online for a little bit before deleting it.

ffernandomaximo · August 18, 2020, 10:47am

Hi @_az

Thanks very much for your help.

I followed your steps and finally got it .

Thank mate.
Fernando Maximo

system · September 17, 2020, 10:47am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.