Let's Encrypt rate limiting

I am running Caddy through docker-compose.

After using my domain for a few months now, I got a Let's Encrypt rate limiting exception. I have seen things like updating 5 times in a week on the Let's Encrypt site, and had to stop and build multiple times today. I think I have done this before without a problem, but I am mostly confused because I was under the impression that the Caddy container stores the certificate, and pulls from there before trying to get a new certificate. Is this incorrect? If so, how do I get around this?

Caddy section of docker-compose:

version: "3.7"
services:
  caddy:
    build:
      context: ./
      dockerfile: CaddyDockerfile
    network_mode: bridge
    restart: always
    container_name: caddyContainer
    ports:
      - "443:443"
      - "80:80"
    env_file:
      - ./CaddyEnv.env

caddyEnv:

REACT_APP_WEBSOCKET=wss://subdomain/socket
REACT_APP_REDIRECT=https://subdomain/

CaddyDockerfile:

FROM caddy:2.1.1-alpine
COPY ./Caddyfile /etc/caddy/Caddyfile
COPY ./tuui /app

Caddyfile:

subdomain

redir /ui /ui/
handle_path /ui/* {
    root * /app/build/
    file_server
}

handle_path /* {
    reverse_proxy ip:8080
}

handle /env-config.js {
    header Content-Type text/javascript
    respond `window.config = {"REACT_APP_WEBSOCKET": "{$REACT_APP_WEBSOCKET}", "REACT_APP_REDIRECT": "{$REACT_APP_REDIRECT}"};`
}

log {
  level DEBUG
}

This is the exception that I am getting:
error creating new order: too many certificates already issued for exact set of domains

The docs on Docker Hub explain it pretty clearly: Docker Hub

You need to persist /data for your certificates to stick around. If you don’t, every time you take down your container and spin up a new instance, you’re throwing away all the certificates and keys that Caddy issued. Basically you throw away all protections that Caddy provides from hitting rate limits.

Make sure to configure volumes, as described in the docker-compose example at the bottom of the docs on Docker Hub.

2 Likes
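
The compose file from the question with the missing volumes added, as an example that is not part of the original posts or the Caddy project's own files. The volume names `caddy_data` and `caddy_config` are assumed names chosen here; `/data` is the path named in the answer above and `/config` is the official image's config directory.

```yaml
version: "3.7"
services:
  caddy:
    build:
      context: ./
      dockerfile: CaddyDockerfile
    network_mode: bridge
    restart: always
    container_name: caddyContainer
    ports:
      - "443:443"
      - "80:80"
    env_file:
      - ./CaddyEnv.env
    volumes:
      # Certificates, private keys and the ACME account are stored under /data.
      # Without this mount every rebuilt container starts empty and orders a
      # fresh certificate, which is what runs into the issuance rate limit.
      - caddy_data:/data
      # Caddy's autosaved runtime config. Losing it is harmless, keeping it is cheap.
      - caddy_config:/config

volumes:
  # Named volumes (assumed names) outlive `docker-compose down` and image rebuilds.
  # `docker-compose down -v` deletes them, and the certificates and keys with them.
  caddy_data:
  caddy_config:
```

The `caddy_data` volume holds private keys, so anything that can mount or back up that volume should be treated as having access to the site's TLS identity.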

Something that still confuses me, and led to my confusion on the docs (not an issue with Caddy, but rather Let's Encrypt), is that Let's Encrypt seems to say that per subdomain you only get around 5 renewal certificates in a week. I can see that there were some days that I had to update the server like 10 times in a day. Do you know why I didn’t run out of certificates by any chance? I would always stop the containers and then build again.
