letsencrypt - too many registrations for this IP about nginx-ui HOT 10 CLOSED

This is the letsencrypt api rate limit issue. Just wait, it will return normal after 24 hours.

By the way, if you have more than 5 certificates, I recommend you to issue a wilcard certificate.

from nginx-ui.

Currently, the checking interval is about 5 minutes, and it will only perform the renewal action if it has been a month since the last issuance. As the validity period of the certificate is 3 months, I think time is enough for nginx-ui to renew the certificate.

from nginx-ui.

This is the letsencrypt api rate limit issue. Just wait, it will return normal after 24 hours.

By the way, if you have more than 5 certificates, I recommend you to issue a wilcard certificate.

I can't do that, I currently have 10 different TDLs in use, so a wildcard certificate won't help me.

Currently, the checking interval is about 5 minutes, and it will only perform the renewal action if it has been a month since the last issuance. As the validity period of the certificate is 3 months, I think time is enough for nginx-ui to renew the certificate.

Apparently this does not work, because I still get the error message, my certificates are all still valid until March (distributed from 2 - 15).

from nginx-ui.

I can add a setting for the renewal interval, but I don’t think it can solve the problem. I have 6 certificates on my server, and also have the same issue as you. I checked the logs for each certificate, and I finally found that one of the sites had not configured the proxy to the HTTP challenge port, resulting in too many failures on this site which caused rate limiting issues on others.

So, I think you can check if the problem is caused by the failure of renewal of one of the certificates.

I also need to apologize because, in the previous version, due to my oversight, the auto-cert goroutine would block during certificate renewal. Therefore, in the current updated version, there might be an accumulation of previously unrenewed certificates in the first few days. However, as long as the root problem is resolved, these certificates will automatically renew within two or three days.

from nginx-ui.

I can add a setting for the renewal interval, but I don’t think it can solve the problem. I have 6 certificates on my server, and also have the same issue as you. I checked the logs for each certificate, and I finally found that one of the sites had not configured the proxy to the HTTP challenge port, resulting in too many failures on this site which caused rate limiting issues on others.

So, I think you can check if the problem is caused by the failure of renewal of one of the certificates.

I added a "location /.well-known/acme-challenge" to each server block when I set it up.
I have configured it like this:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 307 https://$server_name$request_uri;
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name example.com www.example.com;
    ssl_certificate /etc/nginx/ssl/example.com_www.example.com/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/example.com_www.example.com/private.key;
    # set upsteam
    set $VARWWW wordpress_example-com_1:80;
    # set fallback
    include /etc/nginx/snippets/fallback.conf;
    # lcoation block
    # include /etc/nginx/snippets/authelia-location.conf;
    location / {
        include /etc/nginx/snippets/authelia-proxy-standard.conf;
        #include /etc/nginx/snippets/authelia-authrequest.conf;
        client_max_body_size 20M;
        proxy_pass http://$VARWWW;
    }
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
    }
}

I also need to apologize because, in the previous version, due to my oversight, the auto-cert goroutine would block during certificate renewal. Therefore, in the current updated version, there might be an accumulation of previously unrenewed certificates in the first few days. However, as long as the root problem is resolved, these certificates will automatically renew within two or three days.

I have only updated to version: 2.0.0-beta.8 (101)
In my opinion, you should look at the expiration date of the certificate and if it is valid for more than 1 month, do not connect to Letsencypt at all.

Here is a small example:
Not valid until: 2023-12-05 15:39:28
Expired on: 2024-03-04 15:39:27

Logs from the certificate:

2023/12/16 07:51:50 [INFO] [Nginx UI] Generating the private key for account registration
2023/12/16 07:51:50 [INFO] [Nginx UI] Preparing the Lego configurations
2023/12/16 07:51:50 [INFO] [Nginx UI] Creating the client facilitates communication with the CA server
2023/12/16 07:51:51 [INFO] [Nginx UI] Set HTTP01 challenge provider
2023/12/16 07:51:51 [INFO] [Nginx UI] Register user
2023/12/16 07:51:51 [INFO] acme: Account registration for [email protected]
2023/12/16 07:51:51 [Error] Registration error: acme: Error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:rateLimited :: Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/too-many-registrations-for-this-ip/

EDIT:
I have checked all sites again and there is a well-known location in each one.

from nginx-ui.

In my opinion, you should look at the expiration date of the certificate and if it is valid for more than 1 month, do not connect to Letsencypt at all.

Yes, this is the current method. 😂

from nginx-ui.

😂
But then why do I get the error message from letsencrypt. As I understand it, it is still trying to establish a connection.

from nginx-ui.

wtf, whatever happened, it worked again about an hour ago. Surely this can't be due to the update to the latest version?

from nginx-ui.

Yes, it has been 3 weeks since I last change that part of codes.

from nginx-ui.

It seems to work without problems now, thanks

from nginx-ui.