Errors When Activating privacy features

What is wrong when I get this:

 caddy
Activating privacy features... 2019/12/14 18:40:10 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:12 [INFO] [figtree.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733608601
2019/12/14 18:40:12 [INFO] [figtree.io] acme: Could not find solver for: tls-alpn-01
2019/12/14 18:40:12 [INFO] [figtree.io] acme: use http-01 solver
2019/12/14 18:40:12 [INFO] [figtree.io] acme: Trying to solve HTTP-01
2019/12/14 18:40:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733608601
2019/12/14 18:40:17 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733608601
2019/12/14 18:40:18 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:18 [INFO] [figtree.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733609892
2019/12/14 18:40:18 [INFO] [figtree.io] acme: Could not find solver for: tls-alpn-01
2019/12/14 18:40:18 [INFO] [figtree.io] acme: use http-01 solver
2019/12/14 18:40:18 [INFO] [figtree.io] acme: Trying to solve HTTP-01
2019/12/14 18:40:22 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733609892
2019/12/14 18:40:22 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733609892
2019/12/14 18:40:23 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:23 [INFO] [figtree.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733610775
2019/12/14 18:40:23 [INFO] [figtree.io] acme: Could not find solver for: tls-alpn-01
2019/12/14 18:40:23 [INFO] [figtree.io] acme: use http-01 solver
2019/12/14 18:40:23 [INFO] [figtree.io] acme: Trying to solve HTTP-01
2019/12/14 18:40:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733610775
2019/12/14 18:40:28 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733610775
2019/12/14 18:40:29 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:30 [INFO] [figtree.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612201
2019/12/14 18:40:30 [INFO] [figtree.io] acme: use tls-alpn-01 solver
2019/12/14 18:40:30 [INFO] [figtree.io] acme: Trying to solve TLS-ALPN-01
2019/12/14 18:40:31 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612201
2019/12/14 18:40:31 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612201
2019/12/14 18:40:32 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:32 [INFO] [figtree.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612798
2019/12/14 18:40:32 [INFO] [figtree.io] acme: use tls-alpn-01 solver
2019/12/14 18:40:32 [INFO] [figtree.io] acme: Trying to solve TLS-ALPN-01
2019/12/14 18:40:33 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612798
2019/12/14 18:40:33 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612798
2019/12/14 18:40:34 [INFO] [figtree.io] acme: Obtaining bundled SAN certificate
2019/12/14 18:40:35 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

Caddy file looks like this:
figtree.io, www.figtree.io {
    proxy / centos:8080 {
        transparent
    }
    gzip
    tls 1234@figtree.io
}

I had a prior install of Caddy working well on this domain but now I can't get it to work.
Any help appreciated.

According to the auth URLs, LetsEncrypt noted for the HTTP-01 challenge (https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733610775) that it received:

Invalid response from http://figtree.io/.well-known/acme-challenge/55QKyE4hnDvA-LJnL__tpJtmFFAZno410uFxzYkiuAY [2607:f1c0:100f:f000::2de]: 204

And when trying a TLS-ALPN-01 challenge (https://acme-v02.api.letsencrypt.org/acme/authz-v3/1733612201), it encountered a remote error: tls: internal error.

These are strong indicators that traffic for your domain is not being routed directly to the Caddy server that is attempting to solve these challenges. Double check your DNS is set correctly, any port forwards are properly pointed to the Caddy host machine, and firewalls are configured such that external traffic for ports 80 and 443 go directly to Caddy.

To quote LetsEncrypt’s rate limit documentation:

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems.

—Rate Limits - Let's Encrypt

This means you failed 5 validation attempts on this domain. I strongly advise that while troubleshooting this issue, you disable any automatic restarting of Caddy and use the staging environment to avoid abusing LetsEncrypt’s production servers and getting rate limited.

Could it be that LetsEncrypt is trying to use an IP6 address? I don’t think I have an IP6 address; but I see 1 AND 1 has added an AAAA record in the DNS settings. Maybe just delete the AAAA record??? I don't think it's my ports as I have it working temporarily by adding https:// to the domain name and tls self_signed in the caddy file…

Yes, in the metadata I looked at, LetsEncrypt found an IPv4 and an IPv6 address and used the IPv6 to carry out the validation.

If you didn’t set the AAAA record yourself, it’s probably not pointed at the right place. Delete it (or update it to the IPv6 address of your server if you have one) and try again.
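A pre-flight check that ties together the two pieces of advice above (verify that every published A/AAAA record points at the Caddy host, and probe each address for port-80 reachability) before retrying against production and spending more of the 5-per-hour failed-validation budget. This is an added example, not code from the thread or from Caddy; `figtree.io`, the addresses and the `server_ips` set are constructed placeholders you replace with your own.

```python
"""Pre-flight for ACME HTTP-01: confirm DNS points at this host and that
every published address answers the same way on port 80.  Added example,
not from the thread or from Caddy; all hosts/addresses are constructed."""
import socket
import urllib.error
import urllib.request

PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"  # arbitrary token


def resolve(host):
    """A and AAAA addresses the public resolver returns for host."""
    recs = {"A": [], "AAAA": []}
    for fam, key in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(host, 80, fam, socket.SOCK_STREAM)
            recs[key] = sorted({i[4][0] for i in infos})
        except socket.gaierror:
            pass  # no record of that type
    return recs


def check_records(records, server_ips):
    """Flag published addresses that are not this server's own.  Validators
    prefer AAAA when present, so a stray AAAA breaks HTTP-01 even if IPv4 works."""
    findings = [f"{rt} {a} does not point at this server"
                for rt in ("A", "AAAA") for a in records.get(rt, []) if a not in server_ips]
    if records.get("AAAA") and not set(records["AAAA"]) & set(server_ips):
        findings.append("IPv6 will be tried first: fix or delete the AAAA record")
    return findings


def http_get(addr, host, path):
    """GET path from one specific address while keeping the Host header."""
    target = f"[{addr}]" if ":" in addr else addr
    req = urllib.request.Request(f"http://{target}{path}", headers={"Host": host})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.headers.get("Server", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Server", "")


def compare_paths(host, records, fetch=http_get):
    """Probe every address; differing answers (e.g. a 204 from the IPv6 host
    while IPv4 reaches Caddy) mean the two address families are routed apart."""
    seen = {}
    for addr in records.get("A", []) + records.get("AAAA", []):
        try:
            seen[addr] = fetch(addr, host, PROBE_PATH)
        except OSError as exc:
            seen[addr] = ("unreachable", str(exc))
    return len(set(seen.values())) > 1, seen
```

Run `check_records(resolve("figtree.io"), {"<your server IPs>"})` and `compare_paths("figtree.io", resolve("figtree.io"))` from the Caddy host; fix anything flagged, then retry against the staging endpoint first.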

