Caddy SSL request fails (429 Too Many Requests)

houmie · August 5, 2023, 8:36pm

Hello,

I’m not sure why I’m getting these errors.

{"level":"error","ts":1691267206.930138,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267207.079954,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1242921726/199653551336) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267207.6842313,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267207.85555,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1242921716/199653551286) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267208.291993,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:info@vc.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"}
{"level":"error","ts":1691267208.2922502,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: registering account [mailto:info@vc.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n","attempt":1,"retrying_in":60,"elapsed":3.484654435,"max_duration":2592000}
{"level":"error","ts":1691267209.3436668,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267210.172685,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/DC6zuPmRnICx1zJJvSL6yw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267210.1729486,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/DC6zuPmRnICx1zJJvSL6yw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":5.370150786,"max_duration":2592000}
{"level":"error","ts":1691267270.1334164,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267270.2858694,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137010184) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267271.4079592,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267271.4672444,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267271.5604403,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137010374) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267271.6332047,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/wu-JPhDA17DdQACtacQtzA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267271.6333039,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/wu-JPhDA17DdQACtacQtzA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":66.825708142,"max_duration":2592000}
{"level":"error","ts":1691267272.567798,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267272.6546175,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/JU_DdBXAJEnpMwKhtF41HA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267272.6548023,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/JU_DdBXAJEnpMwKhtF41HA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":67.852018351,"max_duration":2592000}
{"level":"error","ts":1691267393.0095003,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267393.1674342,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137034244) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267394.1849027,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267394.3374498,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137034394) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267394.5756516,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267394.6929145,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_tMYF0iIgX5GodIk0QjrgQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267394.6931355,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_tMYF0iIgX5GodIk0QjrgQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":189.885539228,"max_duration":2592000}
{"level":"error","ts":1691267395.3643174,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267395.4991875,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/nwXTP3DpVHbQo5Zhrd-xgg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267395.49932,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/nwXTP3DpVHbQo5Zhrd-xgg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":190.696536259,"max_duration":2592000}
{"level":"error","ts":1691267516.0232174,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267516.1744847,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137056654) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267516.7868674,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267516.9394705,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137056764) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267517.8971953,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267517.979145,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XE7POfL5hMZ45yW1yTxsZw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267517.9794145,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XE7POfL5hMZ45yW1yTxsZw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":313.171817961,"max_duration":2592000}
{"level":"error","ts":1691267518.6206877,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267518.7350492,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XKWykm27grCS_P8sxt03Zg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267518.7352262,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XKWykm27grCS_P8sxt03Zg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":313.932442171,"max_duration":2592000}

This is the config:

{
  "admin": {
    "disabled": true
  },
  "logging": {
    "logs": {
      "default": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/error.log"
        },
        "level": "ERROR"
      }
    }
  },
  "apps": {
    "http": {
      "servers": {
        "myserver1": {
          "listen": [":80"],
          "routes": [{
            "handle": [{
              "handler": "static_response",
              "headers": {
                "Location": ["https://{http.request.host}{http.request.uri}"]
              },
              "status_code": 301
            }]
          }]
        },
        "myserver2": {
          "listen": [":443"],
          "routes": [{
            "handle": [{
              "handler": "file_server",
              "root": "/var/www/html"
            }]
          },
          {
            "handle": [{
              "handler": "headers",
              "response": {
                "set": {
                  "Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"]
                }
              }
            },
            {
              "handler": "file_server",
              "root": "/var/www/html"
            }]
          }]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": [
          "kindalikeme.com",
          "*.kindalikeme.com"
        ]
      },
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "module": "acme",
                "email": "info@vc.com",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                    }
                  }
                }
              },
              {
                "module": "zerossl",
                "email": "info@vc.com",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                    }
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}

What am I missing please?

matt · August 5, 2023, 8:59pm

The “invalid request headers” error from Cloudflare usually means your API token is wrong (which is a dumb error, but we see that all the time and verifying the API token is almost always the fix).

Unless you fill out the help template, we’re unable to help you any further though due to missing information.

houmie · August 5, 2023, 9:49pm

Thank you Matt. You helped me already.

I had a typo in the API Token variable name in my bash script. This failed silently the the API Token was empty. I wished there was a more obvious error message for this.

system · September 4, 2023, 9:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.