I've hit rate limits for new orders although it's only a renewal of an exisiting certificate.
Old certificate is in /live and there is also a .conf-file in /renewal.
My domain is: e.g. your-best-trip.de
I ran this command: automatic renewal attempt not triggered directly by me
It produced this output:
----------------------letsencrypt.log------------------------------
2023-05-04 04:58:54,612:DEBUG:certbot.storage:Should renew, less than 30 days before certificate expiry 2023-05-23 11:33:19 UTC.
2023-05-04 04:58:54,612:INFO:certbot.renewal:Cert is due for renewal, auto-renewing...
2023-05-04 04:58:54,612:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2023-05-04 04:58:54,612:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fcbb8aa1070>
Prep: True
2023-05-04 04:58:54,612:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fcbb8aa1070> and installer None
2023-05-04 04:58:54,613:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-05-04 04:58:54,613:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='>
2023-05-04 04:58:54,614:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-05-04 04:58:54,615:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-05-04 04:58:55,099:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 756
2023-05-04 04:58:55,100:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 May 2023 02:58:55 GMT
Content-Type: application/json
Content-Length: 756
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"J5dzX4ewYzE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-05-04 04:58:55,100:INFO:certbot.main:Renewing an existing certificate
2023-05-04 04:58:57,112:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/602854_key-certbot.pem
2023-05-04 04:58:59,006:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/602852_csr-certbot.pem
2023-05-04 04:58:59,007:DEBUG:acme.client:Requesting fresh nonce
2023-05-04 04:58:59,007:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-05-04 04:58:59,169:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-05-04 04:58:59,170:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 04 May 2023 02:58:59 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 853Fy-MUD17DCWgXlU51mPuxgvjP60juIPZ-S1OaNTrqPVA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2023-05-04 04:58:59,170:DEBUG:acme.client:Storing nonce: 853Fy-MUD17DCWgXlU51mPuxgvjP60juIPZ-S1OaNTrqPVA
2023-05-04 04:58:59,170:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.your-best-trip.de"\n },\n {\n "type": "dns",\n "value": "your-best-trip.de"\n }\n ]\n}'
2023-05-04 04:58:59,172:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTEzNzIxOTc2IiwgIm5vbmNlIjogIjg1M0Z5LU1VRDE3RENXZ1hsVTUxbVB1eGd2alA2MGp1SVBaLVMxT2FOVHJxUFZBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRz>
"signature": "XzP2XPBLc6RYkBBrZbhtrs7dvGiWANLhIc5lmXCRL28WtYIRNpCSlJti-r8auOLZnkRh4gno4p-O-pu4CkeXoB8CQ4YIgzRIyKW8_pL6zCtfDjHlngbkGzHI0R0ytCxDlVmlSA8ExdeppNjU-7bz8xozY2ITJSal6qQ2i0aEOl6m-7DgNI2A-SV7S4OZH4WQonvdtUAQyAXOAcHIm04yo00kQO8Lvcw53rkqd3xN0v1Z>
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy55b3VyLWJlc3QtdHJpcC5kZSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJ5b3VyLWJlc3QtdHJpcC5kZSIKICAgIH0KICBdCn0"
}
2023-05-04 04:58:59,352:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 190
2023-05-04 04:58:59,353:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Thu, 04 May 2023 02:58:59 GMT
Content-Type: application/problem+json
Content-Length: 190
Connection: keep-alive
Boulder-Requester: 113721976
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 27121Vk8nFQKJIF1wsmWPk5rHAiKLMwQJcrFcqXmSYlLp5U
{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}
2023-05-04 04:58:59,353:WARNING:certbot.renewal:Attempting to renew cert (www.your-best-trip.de) from /etc/letsencrypt/renewal/www.your-best-trip.de.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many reques>
2023-05-04 04:58:59,353:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 462, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1208, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 320, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 381, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File "/usr/lib/python3/dist-packages/acme/client.py", line 863, in new_order
return self.client.new_order(csr_pem)
File "/usr/lib/python3/dist-packages/acme/client.py", line 666, in new_order
response = self._post(self.directory['newOrder'], order)
File "/usr/lib/python3/dist-packages/acme/client.py", line 95, in _post
return self.net.post(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1171, in post
return self._post_once(*args, **kwargs)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1184, in _post_once
response = self._check_response(response, content_type=content_type)
File "/usr/lib/python3/dist-packages/acme/client.py", line 1042, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many new orders recently: see https://letsencrypt.org/docs/rate-limits/
----------------------letsencrypt.log------------------------------
My web server is (include version): Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS
My hosting provider, if applicable, is: manitu.de
I can login to a root shell on my machine (yes or no, or I don't know): YES
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 0.40.0
Thank you for any advice!