Traefik/Kubernetes/Acme - Rate Limit at second try

I’m using Traefik (Kubernetes) and ACME configuration with Let’s Encrypt. A working certification is configured the first time, but when delete Kubernetes and try to configure the certificate (with the exact same script) I get “rate limit” error message.

It even looks like I haven’t reached the rate limit yet: https://tools.letsdebug.net/cert-search?m=domain&q=altinn.studio&d=168

My domain is: matsorg.at21.altinn.studio

I ran this command: Traefik with ACME and Let’s Encrypt integration.

It produced this output:

{“level”:“error”,“msg”:“Unable to obtain ACME certificate for domains “matsorg.at21.altinn.studio” : unable to generate a certificate for the domains [matsorg.at21.altinn.studio]: acme: Error -\u003e One or more domains had a problem:\n[matsorg.at21.altinn.studio] acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/finalize/56990546/448026790 :: urn:ietf:params:acme:error:rateLimited :: Error finalizing order :: too many certificates already issued for exact set of domains: matsorg.at21.altinn.studio: see https://letsencrypt.org/docs/rate-limits/, url: \n”,“time”:“2019-05-13T12:20:02Z”}

My web server is (include version): Traefik 1.7.9

The operating system my web server runs on is (include version): *

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

Hi @matscap

there are a lot of certificates ( https://check-your-website.server-daten.de/?q=altinn.studio#ct-logs ):

CertSpotter-Id Issuer not before not after Domain names LE-Duplicate next LE
909105868 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-13 08:47:57 2019-08-11 08:47:57 matsorg.at21.altinn.studio
1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-05-17 10:11:18
909095832 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-13 08:41:31 2019-08-11 08:41:31 matsorg.at21.altinn.studio
1 entries duplicate nr. 4
904041190 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 11:36:44 2019-08-08 11:36:44 matsorg.at21.altinn.studio
1 entries duplicate nr. 3
904035984 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 11:31:54 2019-08-08 11:31:54 ttd.at21.apps.altinn.studio
1 entries duplicate nr. 1
903941017 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 10:23:22 2019-08-08 10:23:22 other.altinn.studio
1 entries duplicate nr. 2
903935089 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 10:17:20 2019-08-08 10:17:20 other.altinn.studio
1 entries duplicate nr. 1
903935120 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 10:17:18 2019-08-08 10:17:18 matsorg.at21.altinn.studio
1 entries duplicate nr. 2
903928312 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 10:11:18 2019-08-08 10:11:18 matsorg.at21.altinn.studio
1 entries duplicate nr. 1
903580802 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-10 05:26:54 2019-08-08 05:26:54 ttd.apps.at21.altinn.studio
1 entries duplicate nr. 5 next Letsencrypt certificate: 2019-05-16 11:22:27
902346394 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-09 11:54:23 2019-08-07 11:54:23 ttd.apps.at21.altinn.studio
1 entries duplicate nr. 4
902341003 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-09 11:49:36 2019-08-07 11:49:36 ttd.apps.at21.altinn.studio
1 entries duplicate nr. 3
902319262 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-09 11:32:29 2019-08-07 11:32:29 ttd.apps.at21.altinn.studio
1 entries duplicate nr. 2
902306278 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2019-05-09 11:22:27 2019-08-07 11:22:27 ttd.apps.at21.altinn.studio
1 entries duplicate nr. 1

Two domains have hittet the limit:

next Letsencrypt certificate: 2019-05-17 10:11:18

and

next Letsencrypt certificate: 2019-05-16 11:22

13 Certificates in the last 7 days.

PS: crt.sh shows only one certificate with a limit. But currently crt.sh is sometimes very slow.

3 Likes

It sounds like since you’re deleting the resources and recreating them identically that perhaps you’re testing your setup? If so using the staging environment next time will save you this rate limiting trouble.

2 Likes

Thanks @JuergenAuer
Your link was more updated than my “lets debug” link.

Yes @cpu
I’ve tested both staging and “not staging”. On friday it looked like I also reached the rate limit, but it might’ve been something else. I didn’t think I’ve created all these certificates outside staging…

I think I’ve sorted out my problems now :slight_smile: Thanks!

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.