
Comments (7)

chriszuercher commented on June 7, 2024

Edit: I could finally just create a new certificate (using the same data) and use this one. Let's hope the next renewal works again. The rate limit didn't occur (last time I couldn't do this because I was blocked out because of too many requests).

Original Problem:
I'm using 3 domains in the same certificate. One of them is handled in NPM (ha.), the others are not. The challenge works for the two domains not handled by NPM but not for the one which is used as a proxy there. This one stays pending forever. Port forwarding and DNS config are the same for all of them (and ha. is also working and handled in NPM):


2024-03-17 08:51:05,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 638
2024-03-17 08:51:05,992:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 17 Mar 2024 08:51:05 GMT
Content-Type: application/json
Content-Length: 638
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1302365696/253028355397
Replay-Nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-03-23T20:53:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "chris.replaced.domain"
    },
    {
      "type": "dns",
      "value": "diskstation.replaced.domain"
    },
    {
      "type": "dns",
      "value": "ha.replaced.domain"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1302365696/253028355397"
}
2024-03-17 08:51:05,992:DEBUG:acme.client:Storing nonce: DWrB3gDtp3jrTxaPMrLYy56IhrwQ_z2KjI_LVRRepgoHZjp12MY
2024-03-17 08:51:05,993:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:05,995:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474137:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdHAzanJUeGFQTXJMWXk1NklocndRX3oyS2pJX0xWUlJlcGdvSFpqcDEyTVkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDEzNyJ9",
  "signature": "EtaWvz-N4YJyTADBWIMLdz9TMIbB2R00BV-LsMYbcsPR_4xeHExGhREITwpG0hm_Xc9s2YqN2H74RY9nPkwReu0ZURATiB9TOsMniwN1R9oFhdmxwUeAbB9Czp3bOaa-uOkEBnfxnCfF0k1B_2Wt6lnjfDfKVx46Iax6sAXtxleGnqIKaYtV07y2JDzxwvS_26Zswy28s19i4nUxfUQXNxpXNYrHafOiC1RRV_kN3mTdaXYZJUWz7r8rTBeTHzDhjuAzmolSACbBGeDue9wI2ci01iPpBqwT2jNHOAJOf9nP7kcRmCOhpnX7_xKBJKbUwATCX_f3zsiLkE1fImWIUg",
  "payload": ""
}
2024-03-17 08:51:06,162:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474137 HTTP/1.1" 200 1408
2024-03-17 08:51:06,163:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1408
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "chris.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474137/EkT6mQ",
      "token": "nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
      "validationRecord": [
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        },
        {
          "url": "http://chris.replaced.domain/.well-known/acme-challenge/nVoEY_aQ-zAYX23qfVS4tuIeAlMILmlZ-puweAIzthA",
          "hostname": "chris.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.84:23951",
            "AAAA:10.1.12.85:25056"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:51Z"
    }
  ]
}
2024-03-17 08:51:06,164:DEBUG:acme.client:Storing nonce: DWrB3gDtOMmAHAArbyd15XfhT6aTTYK0SCiWl0smrBpPX0VkEAg
2024-03-17 08:51:06,165:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,169:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/318313474147:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdE9NbUFIQUFyYnlkMTVYZmhUNmFUVFlLMFNDaVdsMHNtckJwUFgwVmtFQWciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODMxMzQ3NDE0NyJ9",
  "signature": "Ax20mnJCZNXQP5L7GzsTuYwCZJ1bZl4w4EDySQj1VR0_z5bcCXb8D2DoDFABV_477UGpgG9smCDLmQB95OkhJqGLOuYTmnEdMw5ktKphcIanU-8IPCCWWi7eMus_d7pVy3houCVFZQJzvao1dVspffiJka7s3xk1ovNLiPJNsT1349msyL0ubhvvPiIzxJDgym0wXqHt1AMjHviP0dhwZTPyFekSD5l4w_aRF6kVN--Rr-191qDG5n-kN-COo5OGXqIlEJqFa-OBxG2VcInWlssInG_HBd2ALP6ASNaCnFB0hQHQkQU6iAJdgquK3KggjdeAGdlbx1cdxJa8x5d7NQ",
  "payload": ""
}
2024-03-17 08:51:06,340:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/318313474147 HTTP/1.1" 200 1438
2024-03-17 08:51:06,342:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 1438
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "diskstation.replaced.domain"
  },
  "status": "valid",
  "expires": "2024-03-23T20:53:09Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318313474147/Sf9JFw",
      "token": "0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
      "validationRecord": [
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x:x:x:x::x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        },
        {
          "url": "http://diskstation.replaced.domain/.well-known/acme-challenge/0OcqhmJfwT3MJ3X7KLEp2o--r4b_09eNAdRBQyo2oRw",
          "hostname": "diskstation.replaced.domain",
          "port": "80",
          "addressesResolved": [
            "x.x.x.x",
            "x:x:x:x::x"
          ],
          "addressUsed": "x.x.x.x",
          "resolverAddrs": [
            "A:10.1.12.81:27532",
            "AAAA:10.1.12.83:29977"
          ]
        }
      ],
      "validated": "2024-02-22T20:52:52Z"
    }
  ]
}
2024-03-17 08:51:06,342:DEBUG:acme.client:Storing nonce: DWrB3gDtYHs2lPBd1ybXQ0Kk3_YrJ8xASVDAKnKoFQrn2ewzarI
2024-03-17 08:51:06,343:DEBUG:acme.client:JWS payload:
b''
2024-03-17 08:51:06,345:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJEV3JCM2dEdFlIczJsUEJkMXliWFEwS2szX1lySjh4QVNWREFLbktvRlFybjJld3phckkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyNzI5NzI3MjkxNyJ9",
  "signature": "GpJPVuLERrh4dBos65MXccEdzNMe0BI5fUvN_IGjCs-_SQziT0K4E1HjFVkrRmhPmmHGuDVNRPqE_1144RZdT6chCY5a8z8kv1zrvfizwomAhBDkE_lJyMEhABu3f0RrkRqV4cmIYz4hlbqvc86Pf8af3BZDDrpfTz_JKMcp55v1NmxzBHaTYS_qPioAa-DPSCOAk548yabZUepZI17O2d8mKni3eZcNSFYUD-mEX6YFWt-wO8kPwHCpOSyAe-JCHZIHjRuFNcCBafJM-c0gll-J1pRJ8rP-Nij8D5jgalIUzXq9UdfS-96syfrjC2cAw4Dn_-aGVPv4m1j8hx2kuw",
  "payload": ""
}
2024-03-17 08:51:06,509:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/327297272917 HTTP/1.1" 200 802
2024-03-17 08:51:06,510:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 802
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "ha.replaced.domain"
  },
  "status": "pending",
  "expires": "2024-03-24T08:51:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/yBVRCA",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/fSg17w",
      "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
    }
  ]
}
2024-03-17 08:51:06,510:DEBUG:acme.client:Storing nonce: aJwww7uyNyqd3d2lYChtWRWenG3b22l28MW_jEnmm2YElIJ8V_c
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-03-17 08:51:06,511:INFO:certbot._internal.auth_handler:http-01 challenge for ha.replaced.domain
2024-03-17 08:51:06,511:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2024-03-17 08:51:06,512:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2024-03-17 08:51:06,513:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY
2024-03-17 08:51:06,513:DEBUG:acme.client:JWS payload:
b'{}'
2024-03-17 08:51:06,516:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwMjM2NTY5NiIsICJub25jZSI6ICJhSnd3dzd1eU55cWQzZDJsWUNodFdSV2VuRzNiMjJsMjhNV19qRW5tbTJZRWxJSjhWX2MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyNzI5NzI3MjkxNy81TzA2M0EifQ",
  "signature": "H5NiGjRQgAI89ZalYBFMj51j4hxnTik1fX8h_fs5BybV4FQC-ZSgZ2o0Flddb3Mq5HUaSzcvj8zl22oQEZ07XaHts5-sDzkReFbYDaS0ZtY_Andsa8Dkms9Licq3QLoyOwPVkDW0-oMrME8V93f1A_d6mLW0aQpNjXkE5RHCCAyMcOlY4ciIWTiWVXZhwTfEWXT8o7xgjLpicD-h4isz7dkvy2d1YR_JplocWyb3HjjydSnORK9e04kt8j7mRyzlmYKNvkXX2XOOb6YJT2RRrB0tQ4jA92lXP9s9kJRGy6zf7Fth2zkjdjvxXT3v3Z5FfVFEuZs1O7CS2k4f6jH8yA",
  "payload": "e30"
}
2024-03-17 08:51:06,697:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/327297272917/5O063A HTTP/1.1" 200 187
2024-03-17 08:51:06,698:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 17 Mar 2024 08:51:06 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1302365696
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/327297272917>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A
Replay-Nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/327297272917/5O063A",
  "token": "doBLhmfu_cXoimWigpbxDU33PgVfdnxre5JbajwbwYY"
}
2024-03-17 08:51:06,699:DEBUG:acme.client:Storing nonce: aJwww7uyOuZi4bGEDbnBDiwnOIpHBrREG7O0jQoxmUCIoxn_9rE
2024-03-17 08:51:06,699:INFO:certbot._internal.auth_handler:Waiting for verification...

from nginx-proxy-manager.

bluekitedreamer commented on June 7, 2024

I would say to look at the log, but it doesn't look like it's mapped outside the container

See the logfile /tmp/letsencrypt-log/letsencrypt.log

Do this command; it will print the Let's Encrypt log file to your command line:
docker exec -it [CONTAINER-NAME] cat /tmp/letsencrypt-log/letsencrypt.log

Take a look at why the Let's Encrypt authorization is failing.

from nginx-proxy-manager.

bluekitedreamer commented on June 7, 2024

#3575

Related

from nginx-proxy-manager.

chriszuercher commented on June 7, 2024

I'm facing the same issue (and #3575 as well).

from nginx-proxy-manager.

tr1p0p commented on June 7, 2024

Facing the same issue; now my domain is blocked and I have to wait to have a working website.

Here are the logs of the letsencrypt failure:


2024-03-11 11:36:09,948:DEBUG:certbot._internal.main:certbot version: 2.9.0
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-03-11 11:36:09,949:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-18', '--agree-tos', '--authenticator', 'webroot', '--email', '[email protected]', '--preferred-challenges', 'dns,http', '--domains', 'alchimia.ink']
2024-03-11 11:36:09,950:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-ovh,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-11 11:36:09,960:DEBUG:certbot._internal.log:Root logging level set at 30
2024-03-11 11:36:09,960:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550>
Prep: True
2024-03-11 11:36:09,961:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fff50e1e550> and installer None
2024-03-11 11:36:09,961:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-03-11 11:36:10,183:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1611770807', new_authzr_uri=None, terms_of_service=None), 401d9d1000388effb9661287e7722f52, Meta(creation_dt=datetime.datetime(2024, 3, 10, 17, 10, 24, tzinfo=<UTC>), creation_host='676e72629a1b', register_to_eff=None))>
2024-03-11 11:36:10,184:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-03-11 11:36:10,185:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-03-11 11:36:10,666:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-03-11 11:36:10,667:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "B17ZkHo5yvo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-03-11 11:36:10,668:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for alchimia.ink
2024-03-11 11:36:10,673:DEBUG:acme.client:Requesting fresh nonce
2024-03-11 11:36:10,673:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-03-11 11:36:10,829:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-03-11 11:36:10,829:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-03-11 11:36:10,829:DEBUG:acme.client:Storing nonce: gYWQdAkZCCcelzt412RV95uwVPw6XR9klTnaZu03vW6sdWa_wyc
2024-03-11 11:36:10,829:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "alchimia.ink"\n    }\n  ]\n}'
2024-03-11 11:36:10,838:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxMTc3MDgwNyIsICJub25jZSI6ICJnWVdRZEFrWkNDY2VsenQ0MTJSVjk1dXdWUHc2WFI5a2xUbmFadTAzdlc2c2RXYV93eWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "zSEA_2U3U-CMDYI0pgNxzKHxq6tXc2CVNwrnIwBUINKngQ5soar3VaUHWBon769gVo2m29Hz0NDqZVSpPf0BANCGN731dmSRpoTeIOUL0hYVwgTMzqIBQd2--wYf0xFZDqsKi6m029Eq1xPjTHeITGnUkOmkEdXcPahOUlEVQTob0xmo3h7NYNncMO_GhOyjVh9gJvMfeUmCft3WUJcHsJlTw8vzg5o2MsDvRwOKJjoovYfNBt8YLuVdN5RC5yPd4Enpfsu7zvrm2oa_YXLx4D3IHfUai333dhzNaFxCcn4_U2XB54yrJJ9yYJofrooEdjhXvvHz6bGpe7pgOco5sw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFsY2hpbWlhLmluayIKICAgIH0KICBdCn0"
}
2024-03-11 11:36:11,022:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 318
2024-03-11 11:36:11,023:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Mon, 11 Mar 2024 11:36:20 GMT
Content-Type: application/problem+json
Content-Length: 318
Connection: keep-alive
Boulder-Requester: 1611770807
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/docs/rate-limits>;rel="help"
Replay-Nonce: gYWQdAkZurGClJ-tPz0B3FolRsQB5R4WWBsotLeaiTEOH2098rA
Retry-After: 107650

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429
}
2024-03-11 11:36:11,023:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 478, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 137, in new_order
    response = self._post(self.directory['newOrder'], order)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 365, in _post
    return self.net.post(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 738, in post
    return self._post_once(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 751, in _post_once
    response = self._check_response(response, content_type=content_type)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/acme/client.py", line 602, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:An unexpected error occurred:
2024-03-11 11:36:11,026:ERROR:certbot._internal.log:Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: alchimia.ink, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/

from nginx-proxy-manager.
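The two logs above fail in different ways: one authorization stays `pending`, while the other run is rejected with a `rateLimited` problem document. The following added example (not code from any commenter, from nginx-proxy-manager or from certbot) pulls both facts out of a certbot debug log; it assumes the log layout shown in this thread, and the sample log, hostnames and function names are constructed for illustration.

```python
import json
import re

# A certbot log record starts with "YYYY-MM-DD HH:MM:SS,mmm:LEVEL:".
RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}:[A-Z]+:")
ACME_ERROR = "urn:ietf:params:acme:error:"

# Constructed sample in the layout shown in this thread; hostnames are placeholders.
SAMPLE_LOG = """\
2024-03-17 08:51:06,163:DEBUG:acme.client:Received response:
HTTP 200

{"identifier": {"type": "dns", "value": "nas.example.test"}, "status": "valid", "challenges": []}
2024-03-17 08:51:06,510:DEBUG:acme.client:Received response:
HTTP 200

{
  "identifier": {"type": "dns", "value": "ha.example.test"},
  "status": "pending",
  "challenges": [{"type": "http-01", "status": "pending"}]
}
2024-03-17 08:51:06,699:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-03-18 11:36:11,023:DEBUG:acme.client:Received response:
HTTP 429
Retry-After: 107650

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains"
}
2024-03-18 11:36:11,023:DEBUG:certbot._internal.log:Exiting abnormally:
"""


def iter_responses(log_text):
    """Yield (http_status, headers, json_body) per logged ACME response."""
    lines = log_text.splitlines()
    i = 0
    while i < len(lines):
        i += 1
        if not lines[i - 1].endswith("acme.client:Received response:"):
            continue
        block = []  # everything up to the next log record
        while i < len(lines) and not RECORD.match(lines[i]):
            block.append(lines[i])
            i += 1
        if not block or not block[0].startswith("HTTP "):
            continue
        blank = next((n for n, ln in enumerate(block) if not ln.strip()), len(block))
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (ln.partition(":") for ln in block[1:blank])}
        try:
            body = json.loads("\n".join(block[blank + 1:]))
        except ValueError:
            body = None  # e.g. HEAD new-nonce responses carry no JSON
        yield int(block[0].split()[1]), headers, body


def summarise(log_text):
    """Collect authorization states and ACME problem documents."""
    authz, problems = {}, []
    for _status, headers, body in iter_responses(log_text):
        if not isinstance(body, dict):
            continue
        if "identifier" in body and "challenges" in body:
            # Last state seen wins, so a later poll overrides an earlier one.
            authz[body["identifier"]["value"]] = {
                "status": body["status"],
                "challenges": {c["type"]: c["status"] for c in body["challenges"]},
            }
        elif str(body.get("type", "")).startswith(ACME_ERROR):
            retry = headers.get("retry-after", "")
            problems.append({
                "error": body["type"][len(ACME_ERROR):],
                "retry_after_s": int(retry) if retry.isdigit() else None,
                "detail": body.get("detail", ""),
            })
    not_valid = sorted(d for d, a in authz.items() if a["status"] != "valid")
    return {"authorizations": authz, "not_valid": not_valid, "problems": problems}


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Order and challenge objects are skipped on purpose: only authorization objects (which carry `identifier` and `challenges`) and problem documents say which name is blocking issuance and why.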

chriszuercher commented on June 7, 2024

Did anybody find a workaround or solution? My certificate will expire in the next few days and cannot be renewed.

from nginx-proxy-manager.

bluekitedreamer commented on June 7, 2024

@chriszuercher Post your Let's Encrypt log; take note of personal information (emails, domains) and remove it.

@tr1p0p

  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: <domain>, retry after 2024-03-12T17:30:31Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",

You're hitting Let's Encrypt's limit; use a wildcard instead for that domain.

from nginx-proxy-manager.
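Removing personal information from a certbot debug log takes more than editing the readable JSON: the `protected` and `payload` JWS fields are base64url-encoded JSON, so they still carry the account URL and the domain names of the order. The following added example (not code from the thread or from certbot) lists what those fields reveal and redacts them along with e-mail addresses; the sample log, URLs, hostnames and function names are constructed for illustration.

```python
import base64
import json
import re

JWS_FIELD = re.compile(r'("(protected|payload|signature)":\s*")([A-Za-z0-9_-]+)(")')
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def b64url_json(value):
    """Decode an unpadded base64url string to JSON, or None if it is not JSON."""
    try:
        return json.loads(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON (e.g. a signature)
        return None


def hidden_identifiers(log_text):
    """Domain names and account URLs recoverable from encoded JWS fields."""
    found = set()
    for match in JWS_FIELD.finditer(log_text):
        doc = b64url_json(match.group(3))
        if not isinstance(doc, dict):
            continue
        if "kid" in doc:  # protected header: account URL
            found.add(doc["kid"])
        for ident in doc.get("identifiers", []):  # new-order payload
            if isinstance(ident, dict) and "value" in ident:
                found.add(ident["value"])
    return sorted(found)


def sanitise(log_text, extra_names=()):
    """Redact JWS fields, e-mail addresses and every known or hidden name."""
    names = set(extra_names) | set(hidden_identifiers(log_text))
    out = JWS_FIELD.sub(r"\1<redacted>\4", log_text)
    out = EMAIL.sub("<email>", out)
    for name in sorted(names, key=len, reverse=True):  # longest first
        out = out.replace(name, "<redacted>")
    return out


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: the readable JSON was edited by hand, the JWS body was not.
SAMPLE_LOG = "\n".join([
    "DEBUG:certbot._internal.main:Arguments: ['--email', 'admin@example.test']",
    "DEBUG:acme.client:Sending POST request to https://acme.invalid/acme/new-order:",
    "{",
    '  "protected": "%s",'
    % _b64url({"alg": "RS256", "kid": "https://acme.invalid/acme/acct/0000"}),
    '  "signature": "c2lnbmF0dXJlLWJ5dGVz",',
    '  "payload": "%s"'
    % _b64url({"identifiers": [{"type": "dns", "value": "ha.example.test"}]}),
    "}",
    '{"identifiers": [{"type": "dns", "value": "ha.replaced.domain"}]}',
    "INFO:certbot._internal.auth_handler:http-01 challenge for ha.example.test",
])


if __name__ == "__main__":
    print(hidden_identifiers(SAMPLE_LOG))
    print(sanitise(SAMPLE_LOG))
```

Running `hidden_identifiers` on the sanitised text is a quick check before posting: an empty list means no encoded field still decodes to a name.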
