Hello,
since a few days I cannot install new certificates for sub-servers using Let's Encrypt.
I setup the sub-servers exactly in the same way as I always did (which have been working so far), I request the certificates also in the same exact way (which have been working so far).
But since a few days, I get this kind of error (I edited the domain name to example.com
):
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying example.com...
Traceback (most recent call last):
File "/usr/share/webmin/webmin/acme_tiny.py", line 203, in <module>
main(sys.argv[1:])
File "/usr/share/webmin/webmin/acme_tiny.py", line 199, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "/usr/share/webmin/webmin/acme_tiny.py", line 109, in get_crt
raise ValueError("Error requesting challenges: {0} {1}".format(code, result))
ValueError: Error requesting challenges: 429 {
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new authz :: too many currently pending authorizations",
"status": 429
}
I get this error already on the first certificate request for any newly added sub-server.
I never got this error before and I already requested certificates for a dozen of sub-servers (over a period of something like 3 months).
When requesting certificates, I always set certificates to be renewed automatically after 2 months.
I looked for the expiration date of currently installed certificates.
It looks like the automatic renewal is also failing because I now have some certificates expiring in only a few days... while they should have been renewed automatically a few weeks ago.
I thought it could come from the automatic renewal of certificates. Maybe the Let's Encrypt module is trying to renew too many certificates at once lately and therefore these too many current authorizations
.
But I cannot find where the logs for the Let's Encrypt renewal are kept.
And I cannot find where the cronjobs for the Let's Encrypt renewal are kept.
Any idea how I can solve and / or debug this?
Thank you in advance, any help / advice / suggestion is highly appreciated...
It seems to me that indeed this is Let's Encrypt blocking your server. Let's Encrypt does have a limit on the number of certs/renewals and subdomains you can request to avoid abuses. Check if you are not hitting those limits.
Here: https://letsencrypt.org/docs/rate-limits/