Let's encrypt SSL certificate expired: `urn:ietf:params:acme:error:rateLimited`

CamilleRoux · June 12, 2020, 8:07pm

Hi!

My SSL certificate has not been renewed. I found the following error in acme.sh.log :

[Fri 12 Jun 2020 07:57:40 PM UTC] HEAD
[Fri 12 Jun 2020 07:57:40 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 12 Jun 2020 07:57:40 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] POST
[Fri 12 Jun 2020 07:57:41 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 12 Jun 2020 07:57:41 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] code='429'
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_LinkOrder
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_OrderFinalize
[Fri 12 Jun 2020 07:57:41 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Do you know how can I fix that?

Falco · June 12, 2020, 8:25pm

Is this following our Discourse official Standard Installation? How did you end up requiring a certificate for example.com ?

CamilleRoux · June 12, 2020, 8:36pm

yes, it’s an old install on Digital Ocean with Docker (with multisite). Everything was OK with SSL before tonight.
I did a ./launcher rebuild app after a git pull and the error is still there in acme.sh.log:

Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Is it a good idea to change the email used for LETSENCRYPT_ACCOUNT_EMAIL?
Is it a problem with my account or a bug in the last versions of Discourse (I’m on beta) ?

Here is what I get when I run ./launcher logs web_only:

run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Fri 12 Jun 2020 08:34:04 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:04 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:06 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:06 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:07 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:07 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:08 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:08 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com.key
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com.cer
[Fri 12 Jun 2020 08:34:08 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:08 PM UTC] Reload error for :
[Fri 12 Jun 2020 08:34:09 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:09 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:11 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:11 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:12 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:12 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:13 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:13 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.key
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.cer
[Fri 12 Jun 2020 08:34:13 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:13 PM UTC] Reload error for :
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
Started runsvdir, PID is 2643
chgrp: invalid group: ‘syslog’
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.1901.0 try https://www.rsyslog.com/e/2145 ]
supervisor pid: 2648 unicorn pid: 2661

CamilleRoux · June 12, 2020, 9:06pm

I changed LETSENCRYPT_ACCOUNT_EMAIL, did a rebuild and it’s working again. But I’m curious to know what happened.

Topic		Replies	Views
Letsencrypt issues Bug	7	775	September 2, 2021
Let's Encrypt SSL Certificate Not Renewing Support letsencrypt	1	40	October 23, 2024
Let's Encrypt cert renewals (suddenly) failing Installation	27	2657	January 27, 2022
Let's Encrypt renewal errors Installation	11	1744	February 22, 2020
Letsencrypt certificate failure to renew Support	11	1451	October 8, 2021

Let's encrypt SSL certificate expired: `urn:ietf:params:acme:error:rateLimited`

Related topics