Срок действия SSL-сертификата Let's Encrypt истек: `urn:ietf:params:acme:error:rateLimited`

CamilleRoux · 12.Июнь.2020 20:07:31

Привет!

Мой SSL-сертификат не был продлён. В файле acme.sh.log я обнаружил следующую ошибку:

[Fri 12 Jun 2020 07:57:40 PM UTC] HEAD
[Fri 12 Jun 2020 07:57:40 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 12 Jun 2020 07:57:40 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g  -I  '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] POST
[Fri 12 Jun 2020 07:57:41 PM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 12 Jun 2020 07:57:41 PM UTC] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  -g '
[Fri 12 Jun 2020 07:57:41 PM UTC] _ret='0'
[Fri 12 Jun 2020 07:57:41 PM UTC] code='429'
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_LinkOrder
[Fri 12 Jun 2020 07:57:41 PM UTC] Le_OrderFinalize
[Fri 12 Jun 2020 07:57:41 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Подскажите, пожалуйста, как это исправить?

Falco · 12.Июнь.2020 20:25:22

Следует ли это официальному стандартному установочному процессу Discourse? Как получилось, что для example.com потребовался сертификат?

CamilleRoux · 12.Июнь.2020 20:36:04

Да, это старая установка на Digital Ocean с Docker (с мультисайтом). До сегодняшнего вечера со SSL всё было в порядке.
Я выполнил ./launcher rebuild app после git pull, но ошибка в acme.sh.log осталась:

Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

Хорошая ли идея изменить электронную почту, используемую для LETSENCRYPT_ACCOUNT_EMAIL?
Это проблема с моим аккаунтом или баг в последних версиях Discourse (я на бета-версии)?

Вот что я получаю при запуске ./launcher logs web_only:

run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Fri 12 Jun 2020 08:34:04 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:04 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:06 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:06 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:07 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:07 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:08 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:08 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com.key
[Fri 12 Jun 2020 08:34:08 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com.cer
[Fri 12 Jun 2020 08:34:08 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:08 PM UTC] Reload error for :
[Fri 12 Jun 2020 08:34:09 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:09 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:11 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:11 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
[Fri 12 Jun 2020 08:34:12 PM UTC] Multi domain='DNS:forum.pragmaticentrepreneurs.com,DNS:entraidecoronavirus.fr,DNS:www.entraidecoronavirus.fr,DNS:forum.noschangements.fr,DNS:forum.pragmaticentrepreneurs.com'
[Fri 12 Jun 2020 08:34:12 PM UTC] Getting domain auth token for each domain
[Fri 12 Jun 2020 08:34:13 PM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri 12 Jun 2020 08:34:13 PM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing key to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.key
[Fri 12 Jun 2020 08:34:13 PM UTC] Installing full chain to:/shared/ssl/forum.pragmaticentrepreneurs.com_ecc.cer
[Fri 12 Jun 2020 08:34:13 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri 12 Jun 2020 08:34:13 PM UTC] Reload error for :
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
CN = forum.pragmaticentrepreneurs.com
error 10 at 0 depth lookup: certificate has expired
Started runsvdir, PID is 2643
chgrp: invalid group: ‘syslog’
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.1901.0 try https://www.rsyslog.com/e/2145 ]
supervisor pid: 2648 unicorn pid: 2661

CamilleRoux · 12.Июнь.2020 21:06:57

Я изменил LETSENCRYPT_ACCOUNT_EMAIL, сделал пересборку, и всё снова работает. Но мне интересно узнать, что произошло.

Тема		Ответов	Просм.
Let's encrypt not renewing Bug	2	1178	31.03.2017
When should LetsEncrypt renew? Self-hosting	6	545	19.07.2021
Installation produced broken, zero byte certificate Self-hosting letsencrypt	10	2188	14.09.2022
Letsencrypt not renewing Self-hosting	6	1533	08.06.2024
Let's Encrypt renewal errors Self-hosting	11	1902	22.02.2020

Срок действия SSL-сертификата Let's Encrypt истек: `urn:ietf:params:acme:error:rateLimited`

Связанные темы