Caddy SSL request fails (429 Too Many Requests)

Hello,

I’m not sure why I’m getting these errors.

{"level":"error","ts":1691267206.930138,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267207.079954,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1242921726/199653551336) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267207.6842313,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267207.85555,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1242921716/199653551286) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267208.291993,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:info@vc.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"}
{"level":"error","ts":1691267208.2922502,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: registering account [mailto:info@vc.com] with server: attempt 1: https://acme.zerossl.com/v2/DV90/newAccount: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n","attempt":1,"retrying_in":60,"elapsed":3.484654435,"max_duration":2592000}
{"level":"error","ts":1691267209.3436668,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267210.172685,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/DC6zuPmRnICx1zJJvSL6yw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267210.1729486,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/DC6zuPmRnICx1zJJvSL6yw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":5.370150786,"max_duration":2592000}
{"level":"error","ts":1691267270.1334164,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267270.2858694,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137010184) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267271.4079592,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267271.4672444,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267271.5604403,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137010374) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267271.6332047,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/wu-JPhDA17DdQACtacQtzA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267271.6333039,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/wu-JPhDA17DdQACtacQtzA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":66.825708142,"max_duration":2592000}
{"level":"error","ts":1691267272.567798,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267272.6546175,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/JU_DdBXAJEnpMwKhtF41HA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267272.6548023,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/JU_DdBXAJEnpMwKhtF41HA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":67.852018351,"max_duration":2592000}
{"level":"error","ts":1691267393.0095003,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267393.1674342,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137034244) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267394.1849027,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267394.3374498,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137034394) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267394.5756516,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267394.6929145,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_tMYF0iIgX5GodIk0QjrgQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267394.6931355,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/_tMYF0iIgX5GodIk0QjrgQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":189.885539228,"max_duration":2592000}
{"level":"error","ts":1691267395.3643174,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267395.4991875,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/nwXTP3DpVHbQo5Zhrd-xgg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267395.49932,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/nwXTP3DpVHbQo5Zhrd-xgg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":190.696536259,"max_duration":2592000}
{"level":"error","ts":1691267516.0232174,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267516.1744847,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137056654) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267516.7868674,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267516.9394705,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/113686094/10137056764) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1691267517.8971953,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267517.979145,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XE7POfL5hMZ45yW1yTxsZw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267517.9794145,"logger":"tls.obtain","msg":"will retry","error":"[*.kindalikeme.com] Obtain: [*.kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XE7POfL5hMZ45yW1yTxsZw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":313.171817961,"max_duration":2592000}
{"level":"error","ts":1691267518.6206877,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"kindalikeme.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.kindalikeme.com\" (usually OK if presenting also failed)"}
{"level":"error","ts":1691267518.7350492,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"kindalikeme.com","issuer":"acme.zerossl.com-v2-DV90","error":"[kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XKWykm27grCS_P8sxt03Zg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1691267518.7352262,"logger":"tls.obtain","msg":"will retry","error":"[kindalikeme.com] Obtain: [kindalikeme.com] solving challenges: presenting for challenge: adding temporary record for zone \"kindalikeme.com.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/XKWykm27grCS_P8sxt03Zg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":313.932442171,"max_duration":2592000}

This is the config:

{
  "admin": {
    "disabled": true
  },
  "logging": {
    "logs": {
      "default": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/error.log"
        },
        "level": "ERROR"
      }
    }
  },
  "apps": {
    "http": {
      "servers": {
        "myserver1": {
          "listen": [":80"],
          "routes": [{
            "handle": [{
              "handler": "static_response",
              "headers": {
                "Location": ["https://{http.request.host}{http.request.uri}"]
              },
              "status_code": 301
            }]
          }]
        },
        "myserver2": {
          "listen": [":443"],
          "routes": [{
            "handle": [{
              "handler": "file_server",
              "root": "/var/www/html"
            }]
          },
          {
            "handle": [{
              "handler": "headers",
              "response": {
                "set": {
                  "Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"]
                }
              }
            },
            {
              "handler": "file_server",
              "root": "/var/www/html"
            }]
          }]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": [
          "kindalikeme.com",
          "*.kindalikeme.com"
        ]
      },
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "module": "acme",
                "email": "info@vc.com",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                    }
                  }
                }
              },
              {
                "module": "zerossl",
                "email": "info@vc.com",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                    }
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}

What am I missing please?

The “invalid request headers” error from Cloudflare usually means your API token is wrong (which is a dumb error, but we see that all the time and verifying the API token is almost always the fix).

Unless you fill out the help template, we’re unable to help you any further though due to missing information. :frowning:

Thank you Matt. You helped me already.

I had a typo in the API Token variable name in my bash script. This failed silently the the API Token was empty. I wished there was a more obvious error message for this. :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.