What to do in case of the error "too many failed authorizations recently"

My domain is: bx.btasia.ru

I ran this command: certbot certonly --manual

It produced this output: An unexpected error occurred:
Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

My web server is (include version): NodeJs express, apache2

The operating system my web server runs on is (include version): ubuntu 20.04

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.11.0

"what to do" is first to figure out why the authorizations were failing--you've tried five times within the past hour to get a cert, and each time has failed. The link in the error message will give you common reasons, but your logs from your previous attempts will tell you what's actually happened. Once you've found that out, you'll need to fix it--how you'd do that will naturally depend on what the error is.

Let's Debug reports that your domain isn't responding to connection attempts on port 80, which would prevent cert validation. You'll need to disable any firewalls blocking that port in order to succeed.

6 Likes

This is my first time installing an SSL certificate on a server, so I did everything according to the guides. But as I realized, I just didn't have access to static files configured in the Express server configuration. Maybe you can provide a link to a normal guide?

Since I have no idea what you'd consider a "normal guide," I don't think so. More importantly, I don't have any idea how to identify, much less disable, whatever firewall is blocking connections on port 80. You'll need to do that before you can get a cert.

5 Likes

Ok, but how do I make a query if every time I call the command I get Error creating new order :: too many failed authorizations recently?

I'd start by testing on the testing/staging environment - NOT the production environment.
certbot certonly --manual --staging

5 Likes


Here I understand that a request is sent to my server to a certain file, but the server is not running, and I do not know where exactly this file is created. Maybe I should run this command directly to the path "myserver/.well-known/acme-challenge"?

I'd focus on the likely firewall problem first.

The site needs to be accessible from around the world.

4 Likes

Started the server, created a file with dive content, but I get this error when I go to the link

and you can follow the link to download this file

https://bx.btasia.ru/.well-known/acme-challenge/E9Fa5ZL50MOcU_C8fg3YYag8UQdNsfic3lk8JMGUpdw

You can safely go to http://bx.btasia.ru while the server is running

Not here from around the world.
Permanent link to this check report

3 Likes

Got it, can you tell me how to fix this given my inputs Ubuntu 20.04, root permissions, apache2, node js express?

It is likely your router and/or firewall.

3 Likes

I'm a coder and I have an order and it's a rented server. What should I ask the sysadmin who is in charge of this server?

Open TCP Port 80; and most likely you will want TCP Port 443 open also.

3 Likes

Ok, I opened the ports and now the site you posted shows that the site is accessible from almost everywhere, now can I proceed with the command "certbot certonly --manual --staging"?

1 Like

I believe so.

3 Likes
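
Added example (not from any poster in this thread): a Python pre-check that separates the two failure causes discussed above, a blocked port 80 versus a challenge file the web server does not serve, so a fix can be confirmed without spending another failed authorization. The function name `preflight` and its result labels are assumptions of this sketch. Run it from a machine outside the server's network, since a check made on the server itself says nothing about the firewall.

```python
import socket
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"


def preflight(host, token, expected, port=80, timeout=5.0):
    """Classify why an HTTP-01 style fetch would fail, before asking the CA.

    Returns "ok", "port-unreachable", "not-served" or "wrong-content"
    (labels invented for this example).
    """
    # Step 1: plain TCP connect. A refusal or timeout here is the closed-port
    # or firewall case; no web server setting can fix it.
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return "port-unreachable"

    # Step 2: fetch the challenge file over plain HTTP. Validation starts on
    # port 80, so an https:// link working in a browser proves nothing here.
    url = f"http://{host}:{port}{ACME_PATH}{token}"
    # Empty ProxyHandler: connect directly, ignoring any proxy environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("ascii", "replace").strip()
    except urllib.error.HTTPError:
        # The server answered with 4xx/5xx: the URL path is not mapped to the
        # directory where the file was created (static files not served).
        return "not-served"
    except (urllib.error.URLError, OSError):
        return "port-unreachable"

    # Step 3: the body must match the value certbot --manual printed.
    return "ok" if body == expected.strip() else "wrong-content"


if __name__ == "__main__":
    import sys
    # Usage: python preflight.py <domain> <token> <expected-content>
    print(preflight(sys.argv[1], sys.argv[2], sys.argv[3]))
```

A result of `not-served` or `wrong-content` points at the Express or Apache configuration, while `port-unreachable` points at the network path in front of the server.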

To be clear: The staging environment will not produce a globally trusted cert.
It should be used only for testing.

Once all tests/testing has been passed/completed, you should be able to obtain a real cert with:
certbot certonly --manual

That said, doing renewals manually is not recommended for production systems.
If this is going to be put into production/long-term use, you should work towards automating the renewal process.
[note: --manual can't be easily automated (if at all)]

3 Likes

Can you also tell me how to configure apache config for ssl?