acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Error add txt for domain:_acme-challenge.domin.net #3881

Open marineboy0122 opened 2 years ago

marineboy0122 commented 2 years ago

Steps to reproduce

Debug log

root@NAS:/usr/local/share/acme.sh# ./acme.sh --issue --home . -d 'domain.net' -d '.domain.net' --dns "$CERT_DNS" --debug
[Mon Jan 10 16:52:15 KST 2022] Lets find script dir.
[Mon Jan 10 16:52:15 KST 2022] SCRIPT='./acme.sh'
[Mon Jan 10 16:52:15 KST 2022] _script='/usr/local/share/acme.sh/acme.sh'
[Mon Jan 10 16:52:15 KST 2022] _script_home='/usr/local/share/acme.sh'
[Mon Jan 10 16:52:15 KST 2022] Using config home:.
https://github.com/acmesh-official/acme.sh v3.0.2
[Mon Jan 10 16:52:15 KST 2022] Running cmd: issue
[Mon Jan 10 16:52:15 KST 2022] _main_domain='domain.net'
[Mon Jan 10 16:52:15 KST 2022] _alt_domains='.domain.net'
[Mon Jan 10 16:52:15 KST 2022] Using config home:.
[Mon Jan 10 16:52:15 KST 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:52:15 KST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:52:15 KST 2022] DOMAIN_PATH='./domain.net'
[Mon Jan 10 16:52:15 KST 2022] Le_NextRenewTime='1633176344'
[Mon Jan 10 16:52:15 KST 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:52:15 KST 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:52:15 KST 2022] GET
[Mon Jan 10 16:52:15 KST 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:52:15 KST 2022] timeout=
[Mon Jan 10 16:52:15 KST 2022] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Jan 10 16:52:28 KST 2022] ret='0'
[Mon Jan 10 16:52:28 KST 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Jan 10 16:52:28 KST 2022] ACME_NEW_AUTHZ
[Mon Jan 10 16:52:28 KST 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:52:28 KST 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Jan 10 16:52:28 KST 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Jan 10 16:52:28 KST 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Jan 10 16:52:28 KST 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jan 10 16:52:28 KST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:52:28 KST 2022] _on_before_issue
[Mon Jan 10 16:52:28 KST 2022] _chk_main_domain='domain.net'
[Mon Jan 10 16:52:28 KST 2022] _chk_alt_domains='.domain.net'
[Mon Jan 10 16:52:28 KST 2022] Le_LocalAddress
[Mon Jan 10 16:52:28 KST 2022] d='domain.net'
[Mon Jan 10 16:52:28 KST 2022] Check for domain='domain.net'
[Mon Jan 10 16:52:28 KST 2022] _currentRoot='dns_cf'
[Mon Jan 10 16:52:28 KST 2022] d='.domain.net'
[Mon Jan 10 16:52:28 KST 2022] Check for domain='.domain.net'
[Mon Jan 10 16:52:28 KST 2022] _currentRoot='dns_cf'
[Mon Jan 10 16:52:28 KST 2022] d
[Mon Jan 10 16:52:28 KST 2022] _saved_account_key_hash is not changed, skip register account.
[Mon Jan 10 16:52:29 KST 2022] Read key length:
[Mon Jan 10 16:52:29 KST 2022] _createcsr
[Mon Jan 10 16:52:29 KST 2022] Multi domain='DNS:domain.net,DNS:.domain.net'
[Mon Jan 10 16:52:29 KST 2022] Getting domain auth token for each domain
[Mon Jan 10 16:52:29 KST 2022] d='.domain.net'
[Mon Jan 10 16:52:29 KST 2022] d
[Mon Jan 10 16:52:29 KST 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:52:29 KST 2022] payload='{"identifiers": [{"type":"dns","value":"domain.net"},{"type":"dns","value":".domain.net"}]}'
[Mon Jan 10 16:52:29 KST 2022] RSA key
[Mon Jan 10 16:52:29 KST 2022] HEAD
[Mon Jan 10 16:52:29 KST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jan 10 16:52:29 KST 2022] _CURL='curl --silent --dump-header ./http.header -L -g -I '
[Mon Jan 10 16:52:30 KST 2022] _ret='0'
[Mon Jan 10 16:52:30 KST 2022] POST
[Mon Jan 10 16:52:30 KST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:52:30 KST 2022] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Jan 10 16:52:31 KST 2022] _ret='0'
[Mon Jan 10 16:52:31 KST 2022] code='429'
[Mon Jan 10 16:52:31 KST 2022] Le_LinkOrder
[Mon Jan 10 16:52:31 KST 2022] Le_OrderFinalize
[Mon Jan 10 16:52:31 KST 2022] Create new order error. Le_OrderFinalize not found. { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }
[Mon Jan 10 16:52:31 KST 2022] pid
[Mon Jan 10 16:52:31 KST 2022] No need to restore nginx, skip.
[Mon Jan 10 16:52:31 KST 2022] _clearupdns
[Mon Jan 10 16:52:31 KST 2022] dns_entries
[Mon Jan 10 16:52:31 KST 2022] skip dns.
[Mon Jan 10 16:52:31 KST 2022] _on_issue_err
[Mon Jan 10 16:52:31 KST 2022] Please add '--debug' or '--log' to check more details.
[Mon Jan 10 16:52:31 KST 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Jan 10 16:52:31 KST 2022] socat doesn't exist.
[Mon Jan 10 16:52:31 KST 2022] Diagnosis versions: openssl:openssl OpenSSL 1.0.2u-fips 20 Dec 2019 apache: apache doesn't exist. nginx: nginx version: nginx/1.16.1 TLS SNI support enabled

acme.sh  --issue .....   --debug 2

root@NAS:/usr/local/share/acme.sh# ./acme.sh --issue --home . -d 'domain.net' -d '.domain.net' --dns "$CERT_DNS" --debug 2
[Mon Jan 10 16:56:05 KST 2022] Lets find script dir.
[Mon Jan 10 16:56:05 KST 2022] SCRIPT='./acme.sh'
[Mon Jan 10 16:56:05 KST 2022] _script='/usr/local/share/acme.sh/acme.sh'
[Mon Jan 10 16:56:05 KST 2022] _script_home='/usr/local/share/acme.sh'
[Mon Jan 10 16:56:05 KST 2022] Using config home:.
[Mon Jan 10 16:56:05 KST 2022] LE_WORKING_DIR='.'
https://github.com/acmesh-official/acme.sh v3.0.2
[Mon Jan 10 16:56:05 KST 2022] Running cmd: issue
[Mon Jan 10 16:56:05 KST 2022] _main_domain='domain.net'
[Mon Jan 10 16:56:05 KST 2022] _alt_domains='.domain.net'
[Mon Jan 10 16:56:05 KST 2022] Using config home:.
[Mon Jan 10 16:56:05 KST 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:56:05 KST 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:56:05 KST 2022] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Jan 10 16:56:05 KST 2022] _ACME_SERVER_PATH='directory'
[Mon Jan 10 16:56:05 KST 2022] DOMAIN_PATH='./domain.net'
[Mon Jan 10 16:56:05 KST 2022] 'dns_cf' does not contain 'dns'
[Mon Jan 10 16:56:05 KST 2022] Le_NextRenewTime='1633176344'
[Mon Jan 10 16:56:05 KST 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:56:05 KST 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:56:05 KST 2022] GET
[Mon Jan 10 16:56:05 KST 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Jan 10 16:56:05 KST 2022] timeout=
[Mon Jan 10 16:56:05 KST 2022] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.tP6emocMWB -g '
[Mon Jan 10 16:56:06 KST 2022] ret='0'
[Mon Jan 10 16:56:06 KST 2022] response='{ "OJyKVrXRr74": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }'
[Mon Jan 10 16:56:06 KST 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Jan 10 16:56:06 KST 2022] ACME_NEW_AUTHZ
[Mon Jan 10 16:56:06 KST 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:56:06 KST 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Jan 10 16:56:06 KST 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Jan 10 16:56:06 KST 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Jan 10 16:56:06 KST 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jan 10 16:56:06 KST 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Jan 10 16:56:06 KST 2022] _on_before_issue
[Mon Jan 10 16:56:06 KST 2022] _chk_main_domain='domain.net'
[Mon Jan 10 16:56:06 KST 2022] _chk_alt_domains='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] 'dns_cf' does not contain 'no'
[Mon Jan 10 16:56:06 KST 2022] Le_LocalAddress
[Mon Jan 10 16:56:06 KST 2022] d='domain.net'
[Mon Jan 10 16:56:06 KST 2022] Check for domain='domain.net'
[Mon Jan 10 16:56:06 KST 2022] _currentRoot='dns_cf'
[Mon Jan 10 16:56:06 KST 2022] d='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] Check for domain='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] _currentRoot='dns_cf'
[Mon Jan 10 16:56:06 KST 2022] d
[Mon Jan 10 16:56:06 KST 2022] 'dns_cf' does not contain 'apache'
[Mon Jan 10 16:56:06 KST 2022] _saved_account_key_hash='4YiV0DIsA1QXh2A8E78='
[Mon Jan 10 16:56:06 KST 2022] _saved_account_key_hash is not changed, skip register account.
[Mon Jan 10 16:56:06 KST 2022] Read key length:
[Mon Jan 10 16:56:06 KST 2022] _createcsr
[Mon Jan 10 16:56:06 KST 2022] domain='domain.net'
[Mon Jan 10 16:56:06 KST 2022] domainlist='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] csrkey='./domain.net/domain.net.key'
[Mon Jan 10 16:56:06 KST 2022] csr='./domain.net/domain.net.csr'
[Mon Jan 10 16:56:06 KST 2022] csrconf='./domain.net/domain.net.csr.conf'
[Mon Jan 10 16:56:06 KST 2022] _is_idn_d='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] _idn_temp
[Mon Jan 10 16:56:06 KST 2022] domainlist='.domain.net'
[Mon Jan 10 16:56:06 KST 2022] seg='domain'
[Mon Jan 10 16:56:06 KST 2022] _is_idn_d='domain.net'
[Mon Jan 10 16:56:07 KST 2022] _idn_temp
[Mon Jan 10 16:56:07 KST 2022] seg='.domain.net'
[Mon Jan 10 16:56:07 KST 2022] Multi domain='DNS:domain.net,DNS:.domain.net'
[Mon Jan 10 16:56:07 KST 2022] _is_idn_d='domain.net'
[Mon Jan 10 16:56:07 KST 2022] _idn_temp
[Mon Jan 10 16:56:07 KST 2022] _csr_cn='domain.net'
[Mon Jan 10 16:56:07 KST 2022] Getting domain auth token for each domain
[Mon Jan 10 16:56:07 KST 2022] seg='domain'
[Mon Jan 10 16:56:07 KST 2022] _is_idn_d='domain.net'
[Mon Jan 10 16:56:07 KST 2022] _idn_temp
[Mon Jan 10 16:56:07 KST 2022] d='.domain.net'
[Mon Jan 10 16:56:07 KST 2022] seg='.domain.net'
[Mon Jan 10 16:56:07 KST 2022] _is_idn_d='.domain.net'
[Mon Jan 10 16:56:07 KST 2022] _idn_temp
[Mon Jan 10 16:56:07 KST 2022] d
[Mon Jan 10 16:56:07 KST 2022] _identifiers='{"type":"dns","value":"domain.net"},{"type":"dns","value":".domain.net"}'
[Mon Jan 10 16:56:07 KST 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:56:07 KST 2022] payload='{"identifiers": [{"type":"dns","value":"domain.net"},{"type":"dns","value":"*.domain.net"}]}'
[Mon Jan 10 16:56:07 KST 2022] RSA key
[Mon Jan 10 16:56:07 KST 2022] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jan 10 16:56:07 KST 2022] HEAD
[Mon Jan 10 16:56:07 KST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Jan 10 16:56:07 KST 2022] body
[Mon Jan 10 16:56:07 KST 2022] _postContentType='application/jose+json'
[Mon Jan 10 16:56:07 KST 2022] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.Rqr5SyX0oh -g -I '
[Mon Jan 10 16:56:08 KST 2022] _ret='0'
[Mon Jan 10 16:56:08 KST 2022] _headers='HTTP/2 200 server: nginx date: Mon, 10 Jan 2022 07:56:08 GMT cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: 0101w10LL-QwvrPLI_daRRRDAZiSfc81Qdgh5w1_ajZuQR8 x-frame-options: DENY strict-transport-security: max-age=604800 '
[Mon Jan 10 16:56:08 KST 2022] _CACHED_NONCE='0101w10LL-QwvrPLI_daRRRDAZiSfc81Qdgh5w1_ajZuQR8'
[Mon Jan 10 16:56:08 KST 2022] nonce='0101w10LL-QwvrPLI_daRRRDAZiSfc81Qdgh5w1_ajZuQR8'
[Mon Jan 10 16:56:08 KST 2022] POST
[Mon Jan 10 16:56:08 KST 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Jan 10 16:56:08 KST 2022] body='{"protected": "eyJub25jZSI6ICIwMTAxdzEwTEwtUXd2clBMSV9kYVJSUkRBWmlTZmM4MVFkZ2g1dzFfYWpadVFSOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuYNjdC8xMTY0NTQ0NjcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJva21jLm5ldCJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5yb2ttYy5uZXQifV19", "signature": "DwylL0llXEcQEVisMPg88lXfhZTwB8UXjqdMs60JN8fwxvu6kkXWJ7S-JAK7w0p4-VVEW9pRrleNmTGh7SgUAwXvrSM9vcnTTjhCJN9HpPzFNQXaW1VXfgFkoFezgtAe8uKMjXgPKHfi5P8WBVd-U0_9g3o-t-9vOwG5UiDaNhnV7ohtfs2xkXHzVPH7p2FubVa-znnWqgutG3OaXlMnv0Vzhq-bW2aiED6MtOsaPXfUQ"}'
[Mon Jan 10 16:56:08 KST 2022] _postContentType='application/jose+json'
[Mon Jan 10 16:56:08 KST 2022] Http already initialized.
[Mon Jan 10 16:56:08 KST 2022] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.Rqr5SyX0oh -g '
[Mon Jan 10 16:56:09 KST 2022] _ret='0'
[Mon Jan 10 16:56:09 KST 2022] responseHeaders='HTTP/2 429 server: nginx date: Mon, 10 Jan 2022 07:56:08 GMT content-type: application/problem+json content-length: 201 boulder-requester: 116454467 cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: 0102BEKBAxYrDfqMoT_k6FybfqyPSkY3HotaEDE-c1p9tuU '
[Mon Jan 10 16:56:09 KST 2022] code='429'
[Mon Jan 10 16:56:09 KST 2022] original='{ "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }'
[Mon Jan 10 16:56:09 KST 2022] response='{ "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }'
[Mon Jan 10 16:56:09 KST 2022] Le_LinkOrder
[Mon Jan 10 16:56:09 KST 2022] Le_OrderFinalize
[Mon Jan 10 16:56:09 KST 2022] Create new order error. Le_OrderFinalize not found. { "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }
[Mon Jan 10 16:56:09 KST 2022] pid
[Mon Jan 10 16:56:09 KST 2022] No need to restore nginx, skip.
[Mon Jan 10 16:56:09 KST 2022] _clearupdns
[Mon Jan 10 16:56:09 KST 2022] dns_entries
[Mon Jan 10 16:56:09 KST 2022] skip dns.
[Mon Jan 10 16:56:09 KST 2022] _on_issue_err
[Mon Jan 10 16:56:09 KST 2022] Please add '--debug' or '--log' to check more details.
[Mon Jan 10 16:56:09 KST 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Jan 10 16:56:09 KST 2022] _chk_vlist
[Mon Jan 10 16:56:09 KST 2022] socat doesn't exist.
[Mon Jan 10 16:56:09 KST 2022] Diagnosis versions: openssl:openssl OpenSSL 1.0.2u-fips 20 Dec 2019 apache: apache doesn't exist. nginx: nginx version: nginx/1.16.1 TLS SNI support enabled

Widmo commented 2 years ago

Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
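
Added example, not part of this thread and not acme.sh code: a small POSIX shell check that a cron or CI wrapper could run over an acme.sh `--debug` log to pick out the ACME problem document shown above and stop re-running the issue command while the CA is answering 429. The function names, the action labels and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from acme.sh): helper names and sample log are constructed.

# Last HTTP status acme.sh logged as code='NNN'; empty if none.
acme_last_code() {
  grep -o "code='[0-9][0-9]*'" "$1" | tail -n 1 | sed "s/[^0-9]//g"
}

# Last ACME error type from the problem document, e.g. "rateLimited".
acme_error_type() {
  grep -o 'urn:ietf:params:acme:error:[A-Za-z]*' "$1" | tail -n 1 | sed 's/.*://'
}

# "detail" string of the last problem document.
acme_error_detail() {
  grep -o '"detail": *"[^"]*"' "$1" | tail -n 1 | sed 's/^"detail": *"\(.*\)"$/\1/'
}

# What the wrapper should do next. Prints: ok | backoff | fix-config
acme_next_action() {
  _code=$(acme_last_code "$1")
  _type=$(acme_error_type "$1")
  if [ "$_code" = "429" ] || [ "$_type" = "rateLimited" ]; then
    echo backoff      # CA is rejecting new orders; wait before re-running
  elif [ -n "$_type" ]; then
    echo fix-config   # other ACME error: read the detail before retrying
  else
    echo ok
  fi
}

# Constructed sample, modelled on the log lines quoted in this issue.
write_sample_log() {
  cat >"$1" <<'EOF'
[Mon Jan 10 16:56:09 KST 2022] code='429'
[Mon Jan 10 16:56:09 KST 2022] response='{ "type": "urn:ietf:params:acme:error:rateLimited", "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/", "status": 429 }'
EOF
}

SAMPLE_LOG=$(mktemp)
write_sample_log "$SAMPLE_LOG"
printf '%s: %s\n' "$(acme_next_action "$SAMPLE_LOG")" "$(acme_error_detail "$SAMPLE_LOG")"
rm -f "$SAMPLE_LOG"
```

Because it matches with `grep -o`, the check also works on a log whose entries have been run together on one line.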