Too many renewal attempts?

Activating privacy features…2017/05/26 05:33:14 too many renewal attempts; last error: acme: Error 400 - urn:acme:error:connection

Everything was working fine up until a few days ago. Any ideas? Do y’all need anything else from me to troubleshoot?

I believe I’m having the same issue (or maybe mine is slightly different). I just updated to the latest version of Caddy (after completely uninstalling/deleting my previous version of it), and I’m getting a similar error. Mine says:

Activating privacy features…2017/05/26 09:50:43 too many renewal attempts; last error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz :: Too many invalid authorizations recently.

This is my Caddy file (with some info [redacted]):

I am using port 10443 instead of 443 (because I run this behind a VPN that can’t port forward 443). Could that be the issue? However, my previous installation of Caddy ran on 10443 just fine for months. Any help is appreciated!

Edit: In case further info helps, the reason I was reinstalling Caddy to the latest version is because I was having issues with Let’s Encrypt automatically renewing. I’m realizing now that me using port 10443 might have been causing issues with the auto-renewal, but I figured that a reinstall to the latest Caddy version might be a good way to try and fix it.

@Mafamaticks @Magic815 Yeah, I’ll need a lot more information; for starters, which version of Caddy are you using (or were you using before the recent upgrade)? What’s the full log from the last few days/weeks? (from the -log flag)

Here’s a link to the log file

while troubleshooting

I noticed that my external IP and the IP address on DuckDNS wasn’t updating. Resolved that
I just updated to the latest version of caddy to make certain I wasn’t using an outdated model


Thanks for the log, but it only covers 30 seconds, I need the full log for the last 30 days to get an idea what caused the rate limiting to happen.

Uh oh, well that would do it.

I ran caddy with the -log file and that’s the only output I got. I’m sorry

Is there a way to retrieve anything else besides that?

Unfortunately not, if you didn’t turn logging on.

But it sounds like your DNS was not pointing to the right places? That would certainly cause the problems. Should work after the rate limit goes away. Always make sure your DNS is correctly configured, or auto HTTPS can’t work.

Is the rate limit like a fail safe that kills constant connections or something?

Yeah, it’s a protection on LE’s side to ensure buggy setups (like misconfigured DNS) don’t hammer their system and drain their resources. You’ll just have to wait for them to clear up.

That’s what it was. My DNS app wasn’t updating and it messed everything up.

I’m gonna turn logging on from now on. Thanks for the help.

Matt -

I have a couple log files, but any way I can DM them to you? I believe they contain API keys for some of my services.

I checked, and my external IP and the DNS IP matched (I use No-IP, and use their ‘Dynamic Update Client’ to keep my hostname synced to my external IP). Also, my previous install was Caddy v0.9, but like I mentioned in my previous post, it’s already blown away at this point. (I’m currently trying to get Caddy v0.10.3 set up).

Does anything in my above caddy file seem off (see the pastebin link)? Does me using port 10443 instead of 443 for https explain why the auto-renew might have failed with Let’s Encrypt? I was reading the docs on caddy server, and it mentioned it needing to be on ports 80 and 443, but then didn’t give instructions for if I use No-IP as my DNS provider.

Also, I had error 429 instead of the OP’s error 400. Does that give any further insight into what my problem might be?

Just made another attempt when I got home tonight, and now I’m getting error code 400. This is what it now says:

Activating privacy features…2017/05/26 19:52:08 too many renewal attempts; last error: acme: Error 400 - urn:acme:error:connection - Could not connect to [mydyndnshostname]
Error Detail:
Validation for [mydyndnshostname]:80
Resolved to:
[My External IP]
Used: [My External IP]

If you use ports other than 80 or 443, you need to forward them – like, a raw forward using iptables – if you do any TLS termination or TLS-level forwarding, for example, that will break the ACME challenge on port 443. So that’s quite possible.

Caddy 0.10+ has new command line flags to disable certain challenges (not recommended) or to use other ports as the “HTTP” and “HTTPS” ports (see the cli docs).

429 is Too Many Requests; means you’re being rate limited. Actually same as the OP, but the 429 in his case was due to connection problems because of bad DNS config.

Looks like port 80 on your machine is not accessible from external networks…
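For anyone triaging the same messages, here is an added example (not from any poster in this thread, and not Caddy's own code) that pulls the ACME error out of log lines shaped like the ones quoted above and maps each to the advice given in the replies. The function names, the sample log and the hostname `host.example.com` are assumptions made for illustration.

```python
import re

# Matches the ACME error Caddy appends to "too many renewal attempts".
ACME_ERR = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"acme: Error (?P<status>\d{3}) - urn:acme:error:(?P<kind>\w+)"
    r"(?: - (?P<detail>.*))?"
)

# Advice paraphrased from the replies in this thread, keyed by ACME error type.
ADVICE = {
    "connection": "CA could not reach the host: check that DNS points at the "
                  "current external IP and that ports 80/443 are reachable "
                  "(or raw-forwarded) from outside.",
    "rateLimited": "Rate limited by the CA: stop retrying, fix the underlying "
                   "failure, then wait for the limit to clear.",
}

def triage(log_text):
    """Return one finding per ACME error line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ACME_ERR.search(line)
        if not m:
            continue
        kind = m.group("kind")
        findings.append({
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "kind": kind,
            "detail": (m.group("detail") or "").strip(),
            "advice": ADVICE.get(kind, "Unrecognized ACME error; read the detail."),
        })
    return findings

def root_cause(findings):
    """The 429 here follows failed validations, so prefer the latest other error."""
    causes = [f for f in findings if f["kind"] != "rateLimited"]
    return causes[-1] if causes else (findings[-1] if findings else None)

# Constructed sample log (dates and hostname are placeholders, not from the thread).
SAMPLE = """\
Activating privacy features...2017/05/25 22:10:02 too many renewal attempts; last error: acme: Error 400 - urn:acme:error:connection - Could not connect to host.example.com
2017/05/26 09:50:43 too many renewal attempts; last error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz :: Too many invalid authorizations recently.
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["status"], f["kind"], "->", f["advice"])
```

This only works if logging was enabled before the failures started, which is the gap that came up earlier in the thread.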
