How to solve urn:acme:error:rateLimited

narnikgamarnikus · January 14, 2018, 12:41am

Hello.

I ran the docker-compose -f prodution.yml up -build command several times, after which I had to delete the files of my containers, and now when I try to repeat this, I get an error:

[www.domain.com] failed to get certificate: acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: too many certificates already issued for exact set of domains: domain: see https://letsencrypt.org/docs/rate-limits/

I understand that this is due to limits from LetsEncrypt, but how to solve this problem?
I do not have time to wait, I need to deploy my web application.

I think of two ways to solve this problem:

Disable HTTPS, while there is no time to retrieve the certificate from LetsEncrypt
Buy a premium certificate.

I tried the first method, but the web application was not available:

www.{$DOMAIN_NAME} {
    redir https://domain.com
}

{$DOMAIN_NAME} {
    proxy / myapp:5000 {
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-Proto {scheme}
    }
    tls
    log stdout
    errors stdout
    gzip
}

Do you have any ideas on how I can get out of this situation as quickly as possible?

Thank you in advance.

Lucas · January 14, 2018, 1:11am

If you need to disable HTTPS for this domain while you wait for the rate limits on Let’s Encrypt you can set the tls directive to the off value as described here: https://caddyserver.com/docs/tls

The default port for Caddy when not using automatic HTTPS is 2015 I think, so when you configure your domain without automatic HTTPS (tls off) you will need to either explicitly define the scheme or the port, for example http://www.domain.com instead of just www.domain.com, to use port 80.

Whitestrake · January 15, 2018, 12:22am

Hi @narnikgamarnikus,

The advice from @Lucas is solid; prepending your site labels with http://, like so:

http://www.{$DOMAIN_NAME} {
  ...
}

http://{$DOMAIN_NAME} {
  ...
}

will both turn off TLS, and serve the site on port 80. Remove the scheme prefix in a week when the rate limits clear.

system · April 15, 2018, 12:22am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.