Comments (10)
This is the letsencrypt api rate limit issue. Just wait, it will return normal after 24 hours.
By the way, if you have more than 5 certificates, I recommend you to issue a wilcard certificate.
from nginx-ui.
Currently, the checking interval is about 5 minutes, and it will only perform the renewal action if it has been a month since the last issuance. As the validity period of the certificate is 3 months, I think time is enough for nginx-ui to renew the certificate.
from nginx-ui.
This is the letsencrypt api rate limit issue. Just wait, it will return normal after 24 hours.
By the way, if you have more than 5 certificates, I recommend you to issue a wilcard certificate.
I can't do that, I currently have 10 different TDLs in use, so a wildcard certificate won't help me.
Currently, the checking interval is about 5 minutes, and it will only perform the renewal action if it has been a month since the last issuance. As the validity period of the certificate is 3 months, I think time is enough for nginx-ui to renew the certificate.
Apparently this does not work, because I still get the error message, my certificates are all still valid until March (distributed from 2 - 15).
from nginx-ui.
I can add a setting for the renewal interval, but I don’t think it can solve the problem. I have 6 certificates on my server, and also have the same issue as you. I checked the logs for each certificate, and I finally found that one of the sites had not configured the proxy to the HTTP challenge port, resulting in too many failures on this site which caused rate limiting issues on others.
So, I think you can check if the problem is caused by the failure of renewal of one of the certificates.
I also need to apologize because, in the previous version, due to my oversight, the auto-cert goroutine would block during certificate renewal. Therefore, in the current updated version, there might be an accumulation of previously unrenewed certificates in the first few days. However, as long as the root problem is resolved, these certificates will automatically renew within two or three days.
from nginx-ui.
I can add a setting for the renewal interval, but I don’t think it can solve the problem. I have 6 certificates on my server, and also have the same issue as you. I checked the logs for each certificate, and I finally found that one of the sites had not configured the proxy to the HTTP challenge port, resulting in too many failures on this site which caused rate limiting issues on others.
So, I think you can check if the problem is caused by the failure of renewal of one of the certificates.
I added a "location /.well-known/acme-challenge" to each server block when I set it up.
I have configured it like this:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 307 https://$server_name$request_uri;
location /.well-known/acme-challenge {
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_pass http://127.0.0.1:9180;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/example.com_www.example.com/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/example.com_www.example.com/private.key;
# set upsteam
set $VARWWW wordpress_example-com_1:80;
# set fallback
include /etc/nginx/snippets/fallback.conf;
# lcoation block
# include /etc/nginx/snippets/authelia-location.conf;
location / {
include /etc/nginx/snippets/authelia-proxy-standard.conf;
#include /etc/nginx/snippets/authelia-authrequest.conf;
client_max_body_size 20M;
proxy_pass http://$VARWWW;
}
location /.well-known/acme-challenge {
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_pass http://127.0.0.1:9180;
}
}
I also need to apologize because, in the previous version, due to my oversight, the auto-cert goroutine would block during certificate renewal. Therefore, in the current updated version, there might be an accumulation of previously unrenewed certificates in the first few days. However, as long as the root problem is resolved, these certificates will automatically renew within two or three days.
I have only updated to version: 2.0.0-beta.8 (101)
In my opinion, you should look at the expiration date of the certificate and if it is valid for more than 1 month, do not connect to Letsencypt at all.
Here is a small example:
Not valid until: 2023-12-05 15:39:28
Expired on: 2024-03-04 15:39:27
Logs from the certificate:
2023/12/16 07:51:50 [INFO] [Nginx UI] Generating the private key for account registration
2023/12/16 07:51:50 [INFO] [Nginx UI] Preparing the Lego configurations
2023/12/16 07:51:50 [INFO] [Nginx UI] Creating the client facilitates communication with the CA server
2023/12/16 07:51:51 [INFO] [Nginx UI] Set HTTP01 challenge provider
2023/12/16 07:51:51 [INFO] [Nginx UI] Register user
2023/12/16 07:51:51 [INFO] acme: Account registration for [email protected]
2023/12/16 07:51:51 [Error] Registration error: acme: Error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:rateLimited :: Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/too-many-registrations-for-this-ip/
EDIT:
I have checked all sites again and there is a well-known location in each one.
from nginx-ui.
In my opinion, you should look at the expiration date of the certificate and if it is valid for more than 1 month, do not connect to Letsencypt at all.
Yes, this is the current method. 😂
from nginx-ui.
😂
But then why do I get the error message from letsencrypt. As I understand it, it is still trying to establish a connection.
from nginx-ui.
wtf, whatever happened, it worked again about an hour ago. Surely this can't be due to the update to the latest version?
from nginx-ui.
Yes, it has been 3 weeks since I last change that part of codes.
from nginx-ui.
It seems to work without problems now, thanks
from nginx-ui.
Related Issues (20)
- Template reverse_proxy.conf wrong name of variables.clientMaxBodySize
- Missing default directives in the 'Add Site' menu when building nginx-ui from source. HOT 2
- Nginx does not reload when adding a site, enabling a site, or disabling a site HOT 11
- AccessLogPath not being properly retrieved in pre-release 6 HOT 1
- Error when Enable TLS HOT 14
- Reduce the items required to create the Cloudflare DNS credentials HOT 10
- Docker container only for UI HOT 3
- Support for cache configuration HOT 3
- 浏览器标签页未关闭可能导致启动过多的终端 HOT 2
- 无法正常管理streams/Unable to manage streams properly HOT 4
- Domain management page: registration, change NS and vhost
- REST/gRPC API key for user HOT 1
- Special characters in Nginx config filename i.e. Site
- ERROR HOT 1
- Cannot enable PHP in a site HOT 2
- Add logrotate to docker container
- Is it possible to simply manage NGINX on host via docker deployment? HOT 4
- Incorrect RAM and CPU Information in Dashboard for LXC HOT 6
- Better breadcrumbs to be able to navigate back to lists
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-ui.