gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

Issue: Error in getting SSL (429 too many request) #2129

Closed m-hoseyny closed 1 year ago

m-hoseyny commented 1 year ago

Contact Details

mohammad.hoseyny@gmail.com

What happened?

Hello,

I want to implement Netmaker on my server. I used the wizard script to install the project. However, I got an error about too many requests (429) in the Caddy system.

You can see the log of my caddy container:

{"level":"error","ts":1679126151.1024916,"logger":"tls.obtain","msg":"will retry","error":"[api.wg.redash.top] Obtain: registering account [mailto:6551225539e9df6d@email.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n","attempt":1,"retrying_in":60,"elapsed":1.366476004,"max_duration":2592000}
{"level":"error","ts":1679126151.1028392,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"dashboard.wg.redash.top","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:6551225539e9df6d@email.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"}
{"level":"error","ts":1679126151.1033058,"logger":"tls.obtain","msg":"will retry","error":"[dashboard.wg.redash.top] Obtain: registering account [mailto:6551225539e9df6d@email.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n","attempt":1,"retrying_in":60,"elapsed":1.378300728,"max_duration":2592000}
{"level":"info","ts":1679126151.2221487,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["broker.wg.redash.top"],"ca":"https://acme.zerossl.com/v2/DV90","account":"6551225539e9df6d@email.com"}
{"level":"info","ts":1679126151.2226596,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["broker.wg.redash.top"],"ca":"https://acme.zerossl.com/v2/DV90","account":"6551225539e9df6d@email.com"}
{"level":"info","ts":1679126151.6550982,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"broker.wg.redash.top","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1679126153.04723,"logger":"http","msg":"served key authentication","identifier":"broker.wg.redash.top","challenge":"http-01","remote":"91.199.212.132:33758","distributed":false}
{"level":"info","ts":1679126157.428166,"logger":"http.acme_client","msg":"authorization finalized","identifier":"broker.wg.redash.top","authz_status":"valid"}
{"level":"info","ts":1679126157.4289343,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/LD3I7MLOH5vqhmfOXkIXnw"}
{"level":"info","ts":1679126173.0271654,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/11Semhadt5txT3mgJhAByQ"}
{"level":"info","ts":1679126173.0322647,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"broker.wg.redash.top"}
{"level":"info","ts":1679126173.0335598,"logger":"tls.obtain","msg":"releasing lock","identifier":"broker.wg.redash.top"}
{"level":"info","ts":1679126211.1047826,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"api.wg.redash.top"}
{"level":"info","ts":1679126211.1120212,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"dashboard.wg.redash.top"}
{"level":"info","ts":1679126211.6937528,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"api.wg.redash.top","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1679126211.7253785,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"dashboard.wg.redash.top","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1679126212.440305,"logger":"http","msg":"served key authentication","identifier":"api.wg.redash.top","challenge":"http-01","remote":"91.199.212.132:40052","distributed":false}
{"level":"info","ts":1679126213.1421356,"logger":"http","msg":"served key authentication","identifier":"dashboard.wg.redash.top","challenge":"http-01","remote":"91.199.212.132:40124","distributed":false}
{"level":"info","ts":1679126217.4488242,"logger":"http.acme_client","msg":"authorization finalized","identifier":"dashboard.wg.redash.top","authz_status":"valid"}
{"level":"info","ts":1679126217.449497,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/WeP915UsvV5u1tGCbhbLyA"}
{"level":"info","ts":1679126217.6442735,"logger":"http.acme_client","msg":"authorization finalized","identifier":"api.wg.redash.top","authz_status":"valid"}
{"level":"info","ts":1679126217.6443193,"logger":"http.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme.zerossl.com/v2/DV90/order/eDzJWFqVy8__DAXn25P0sQ"}
{"level":"info","ts":1679126232.9576597,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/FI6Zpity_tPWLlHZx-l5Ow"}
{"level":"info","ts":1679126232.9603858,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"dashboard.wg.redash.top"}
{"level":"info","ts":1679126232.9614065,"logger":"tls.obtain","msg":"releasing lock","identifier":"dashboard.wg.redash.top"}
{"level":"info","ts":1679126233.2585142,"logger":"http.acme_client","msg":"successfully downloaded available certificate chains","count":1,"first_url":"https://acme.zerossl.com/v2/DV90/cert/RDJmefl_vuj08dD1gTC4Xw"}
{"level":"info","ts":1679126233.2613435,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"api.wg.redash.top"}
{"level":"info","ts":1679126233.2625718,"logger":"tls.obtain","msg":"releasing lock","identifier":"api.wg.redash.top"}

When I open dashboard.wg or api.wg or broker.app, I get a certificate error.

Could you please help me solve this issue? I know this is a Caddy issue, but I cannot find anything about it.

TonyBostonTB commented 1 year ago

same here, not possible to install netmaker without working zerossl

oliob commented 1 year ago

same here too.

{"level":"error","ts":1679948666.2064757,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"broker.myredacted.server","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:admin@myredacted.server] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"}
{"level":"error","ts":1679948666.2066092,"logger":"tls.obtain","msg":"will retry","error":"[broker.myredacted.server] Obtain: registering account [mailto:admin@myredacted.server] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n","attempt":1,"retrying_in":60,"elapsed":0.980024638,"max_duration":2592000}

afeiszli commented 1 year ago

There is an ongoing issue with ZeroSSL as documented here: cert-manager/cert-manager#5867

As a temporary workaround, after running the nm-quick installer and seeing the Caddy errors:

  1. docker-compose down --volumes
  2. edit Caddyfile and comment out the acme_ca line (e.g.: # acme_ca https://acme.zerossl.com/v2/DV90)
  3. docker-compose up -d

There is a possibility that LetsEncrypt will rate limit as well but this should be better.
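
Steps 1 to 3 of the workaround above as a script, added here as an example; it is not part of the original comment or of the Netmaker installer. The function names, the `./Caddyfile` default path and the `apply` argument are assumptions.

```shell
#!/bin/sh
# Added example, not Netmaker's installer code. Function names and the
# default ./Caddyfile path are assumptions.

# Print how many acme_ca directives are still active (not commented out).
active_acme_ca_count() {
    grep -c '^[[:space:]]*acme_ca[[:space:]]' "$1" || true
}

# Step 2: comment out every active acme_ca directive, keeping indentation.
# A file with nothing left to change is not touched, so the .bak copy made
# on the first run keeps the original content across re-runs.
disable_acme_ca() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ "$(active_acme_ca_count "$file")" -gt 0 ] || return 0
    cp -p "$file" "$file.bak" || return 1
    sed 's/^\([[:space:]]*\)\(acme_ca[[:space:]]\)/\1# \2/' "$file.bak" > "$file"
}

# Steps 1 to 3 in order; stops at the first failing command.
apply_workaround() {
    caddyfile=${1:-./Caddyfile}
    docker-compose down --volumes || return 1
    disable_acme_ca "$caddyfile" || return 1
    docker-compose up -d
}

# Only act when asked to: ./workaround.sh apply [path/to/Caddyfile]
if [ "${1:-}" = "apply" ]; then
    apply_workaround "${2:-}"
fi
```

`docker-compose down --volumes` deletes every named volume declared in the compose file, not only Caddy's certificate storage, so copy out anything you need before running it.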

afeiszli commented 1 year ago

Merged https://github.com/gravitl/netmaker/pull/2147. Should resolve for now. Will revert back to ZeroSSL once the issue is resolved.