Let's encrypt SSL certificate expired: `urn:ietf:params:acme:error:rateLimited`

CamilleRoux · June 12, 2020, 8:07pm

Hi!

My SSL certificate has not been renewed. I found the following error in acme.sh.log :

[Fri 12 Jun 2020 07:57:40 PM UTC] HEAD
[Fri 12 Jun 2020 07:57:40 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 12 Jun 2020 07:57:40 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] POST
[Fri 12 Jun 2020 07:57:41 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 12 Jun 2020 07:57:41 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] code='429'
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_LinkOrder
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_OrderFinalize
[Fri 12 Jun 2020 07:57:41 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Do you know how can I fix that?

Falco · June 12, 2020, 8:25pm

Is this following our Discourse official Standard Installation? How did you end up requiring a certificate for example.com ?

CamilleRoux · June 12, 2020, 8:36pm

yes, it’s an old install on Digital Ocean with Docker (with multisite). Everything was OK with SSL before tonight.
I did a ./launcher rebuild app after a git pull and the error is still there in acme.sh.log:

Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Is it a good idea to change the email used for LETSENCRYPT_ACCOUNT_EMAIL?
Is it a problem with my account or a bug in the last versions of Discourse (I’m on beta) ?

Here is what I get when I run ./launcher logs web_only:

run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Fri 12 Jun 2020 08:34:04 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:04 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:06 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:06 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:07 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:07 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:08 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:08 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com.key
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com.cer
[Fri 12 Jun 2020 08:34:08 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:08 PM UTC] Reload error for :
[Fri 12 Jun 2020 08:34:09 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:09 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:11 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:11 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:12 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:12 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:13 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:13 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.key
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.cer
[Fri 12 Jun 2020 08:34:13 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:13 PM UTC] Reload error for :
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
Started runsvdir, PID is 2643
chgrp: invalid group: ‘syslog’
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.1901.0 try https://www.rsyslog.com/e/2145 ]
supervisor pid: 2648 unicorn pid: 2661

CamilleRoux · June 12, 2020, 9:06pm

I changed LETSENCRYPT_ACCOUNT_EMAIL, did a rebuild and it’s working again. But I’m curious to know what happened.

Topic		Replies	Views
Letsencrypt issues bug	7	658	September 2, 2021
Let's Encrypt cert renewals (suddenly) failing installation	27	2346	January 27, 2022
Let's Encrypt renewal errors installation	11	1636	February 22, 2020
Letsencrypt certificate failure to renew support	11	1269	October 8, 2021
Installation produced broken, zero byte certificate installation letsencrypt	10	1953	September 14, 2022

Let's encrypt SSL certificate expired: `urn:ietf:params:acme:error:rateLimited`

Related Topics