I believe I’m having the same issue (or maybe mine is slightly different). I just updated to the latest version of Caddy (after completely uninstalling/deleting my previous version of it), and I’m getting a similar error. Mine says:
Activating privacy features…2017/05/26 09:50:43 too many renewal attempts; last error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz :: Too many invalid authorizations recently.
This is my Caddy file (with some info [redacted]):
I am using port 10443 instead of 443 (because I run this behind a VPN that can’t port forward 443). Could that be the issue? However, my previous installation of Caddy ran on 10443 just fine for months. Any help is appreciated!
Edit: In case further info helps, the reason I was reinstalling Caddy to the latest version is because I was having issues with Let’s Encrypt automatically renewing. I’m realizing now that me using port 10443 might have been causing issues with the auto-renewal, but I figured that a reinstall to the latest Caddy version might be a good way to try and fix it.
@Mafamaticks @Magic815 Yeah, I’ll need a lot more information; for starters, which version of Caddy are you using (or were you using before the recent upgrade)? What’s the full log from the last few days/weeks? (from the -log flag)
I noticed that my external IP and the IP address on DuckDNS weren’t updating. Resolved that.
I just updated to the latest version of Caddy to make certain I wasn’t using an outdated model.
But it sounds like your DNS was not pointing to the right places? That would certainly cause the problems. Should work after the rate limit goes away. Always make sure your DNS is correctly configured, or auto HTTPS can’t work.
Yeah, it’s a protection on LE’s side to ensure buggy setups (like misconfigured DNS) don’t hammer their system and drain their resources. You’ll just have to wait for them to clear up.
I have a couple of log files, but is there any way I can DM them to you? I believe they contain API keys for some of my services.
I checked, and my external IP and the DNS IP matched (I use No-IP, and use their ‘Dynamic Update Client’ to keep my hostname synced to my external IP). Also, my previous install was Caddy v0.9, but like I mentioned in my previous post, it’s already blown away at this point. (I’m currently trying to get Caddy v0.10.3 set up).
Does anything in my above Caddy file seem off (see the pastebin link)? Does me using port 10443 instead of 443 for https explain why the auto-renew might have failed with Let’s Encrypt? I was reading the docs on Caddy server, and it mentioned it needing to be on ports 80 and 443, but then didn’t give instructions for if I use No-IP as my DNS provider.
Also, I had error 429 instead of the OP’s error 400. Does that give any further insight into what my problem might be?
Edit:
Just made another attempt when I got home tonight, and now I’m getting error code 400. This is what it now says:
Activating privacy features…2017/05/26 19:52:08 too many renewal attempts; last error: acme: Error 400 - urn:acme:error:connection - Could not connect to [mydyndnshostname]
Error Detail:
Validation for [mydyndnshostname]:80
Resolved to:
[My External IP]
Used: [My External IP]
If you use ports other than 80 or 443, you need to forward them – like, a raw forward using iptables – if you do any TLS termination or TLS-level forwarding, for example, that will break the ACME challenge on port 443. So that’s quite possible.
Caddy 0.10+ has new command line flags to disable certain challenges (not recommended) or to use other ports as the “HTTP” and “HTTPS” ports (see the cli docs).
429 is Too Many Requests; means you’re being rate limited. Actually same as the OP, but the 429 in his case was due to connection problems because of bad DNS config.
Looks like port 80 on your machine is not accessible from external networks…
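A small log triage helper for the two failures quoted in this thread, added here as an example (it is not code from any poster or from the Caddy project). The sample log is constructed from the messages above with a placeholder hostname, and the function name `triage` and the hint wording are assumptions.

```python
import re

# Constructed sample: the two errors quoted in the thread, console wrapping
# left in, with a placeholder hostname (host.example).
SAMPLE_LOG = """\
Activating privacy features...2017/05/26 09:50:43 too many renewal attempts; las
t error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz
:: Too many invalid authorizations recently.
Activating privacy features...2017/05/26 19:52:08 too many renewal attempts; las
t error: acme: Error 400 - urn:acme:error:connection - Could not connect to host.example
"""

TIMESTAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
RECORD_START = re.compile(rf"(?={TIMESTAMP} )")   # zero-width: split before each timestamp
ACME_ERROR = re.compile(
    rf"^({TIMESTAMP}) .*?acme: Error (\d{{3}}) - urn:acme:error:(\w+) - (.*)$"
)
BANNER = re.compile(r"Activating privacy features\W*$")  # next run's banner, glued on by unwrapping

# Advice paraphrased from the replies in the thread, keyed by ACME error type.
HINTS = {
    "rateLimited": "CA rate limit: stop retrying, fix DNS and port reachability, then wait.",
    "connection": "CA could not reach the host: check DNS against the external IP "
                  "and that ports 80/443 are forwarded to Caddy.",
}

def triage(log_text):
    """Return one dict per ACME failure found in a (possibly hard-wrapped) Caddy log."""
    joined = log_text.replace("\r", "").replace("\n", "")  # undo console wrapping
    findings = []
    for record in RECORD_START.split(joined):
        match = ACME_ERROR.match(BANNER.sub("", record))
        if not match:
            continue  # banner-only fragment or a non-ACME log line
        when, status, kind, detail = match.groups()
        findings.append({
            "time": when, "status": int(status), "type": kind,
            "detail": detail.strip(),
            "hint": HINTS.get(kind, "Unrecognised ACME error type; read the detail text."),
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']}  {f['status']} {f['type']}: {f['hint']}")
```

A 429 `rateLimited` entry that follows earlier `connection` entries usually means the rate limit is a symptom of the reachability problem, which is the situation the replies above describe.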