Too many renewal attempts?

Mafamaticks · May 26, 2017, 10:00am

c:\caddy>caddy
Activating privacy features…2017/05/26 05:33:14 too many renewal attempts; las
t error: acme: Error 400 - urn:acme:error:connection

Everything was working fine up until a few days ago. Any ideas? Do y’all need anything else from me to troubleshoot?

Magic815 · May 26, 2017, 1:55pm

I believe I’m having the same issue (or maybe mine is slightly different). I just updated to the latest version of Caddy (after completely uninstalling/deleting my previous version of it), and I’m getting a similar error. Mine says:

Activating privacy features…2017/05/26 09:50:43 too many renewal attempts; las
t error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz
:: Too many invalid authorizations recently.

This is my Caddy file (with some info [redacted]):

I am using port 10443 instead of 443 (because I run this behind a VPN that can’t port forward 443). Could that be the issue? However, my previous installation of Caddy ran on 10443 just fine for months. Any help is appreciated!

Edit: In case further info helps, the reason I was reinstalling Caddy to the latest version is because I was having issues with Let’sEncrypt automatically renewing. I’m realizing now that me using port 10443 might have been causing issues with the auto-renewal, but I figured that a reinstall to the latest Caddy version might be a good way to try and fix it.

matt · May 26, 2017, 3:25pm

@Mafamaticks @Magic815 Yeah, I’ll need a lot more information; for starters, which version of Caddy are you using (or were you using before the recent upgrade)? What’s the full log from the last few days/weeks? (from the -log flag)

Mafamaticks · May 26, 2017, 5:50pm

Here’s a link the the log file

https://drive.google.com/open?id=0B2FGUXoxY1q6OFlIWUE3VnF6SFE

while troubleshooting

I noticed that my external IP and the IP address on DuckDNS wasn’t updating. Resolved that
I just updated to the latest version of caddy to make certain I wasn’t using an outdated model

@matt

matt · May 26, 2017, 5:56pm

Thanks for the log, but it only covers 30 seconds, I need the full log for the last 30 days to get an idea what caused the rate limiting to happen.

Uh oh, well that would do it.

Mafamaticks · May 26, 2017, 6:03pm

I ran caddy with the -log file and that’s the only output I got. I’m sorry

Is there a way to retrieve anything else besides that?

matt · May 26, 2017, 6:09pm

Unfortunately not, if you didn’t turn logging on.

But it sounds like your DNS was not pointing to the right places? That would certainly cause the problems. Should work after the rate limit goes away. Always make sure your DNS is correctly configured, or auto HTTPS can’t work.

Mafamaticks · May 26, 2017, 6:15pm

Is the rate limit like a fail safe that kills constant connections or something?

matt · May 26, 2017, 6:16pm

Yeah, it’s a protection on LE’s side to ensure buggy setups (like misconfigured DNS) don’t hammer their system and drain their resources. You’ll just have to wait for them to clear up.

Mafamaticks · May 26, 2017, 9:24pm

That’s what it was. my DNS app wasn’t updating and it messed everything up.

I’m gonna turn logging on from now on. Thanks for the help.

Magic815 · May 26, 2017, 11:05pm

Matt -

I have a couple log files, but anyway I can DM them to you? I believe they contain API keys for some of my services.

I checked, and my external IP and the DNS IP matched (I use No-IP, and use their ‘Dynamic Update Client’ to keep my hostname synced to my external IP). Also, my previous install was Caddy v0.9, but like I mentioned in my previous post, it’s already blown away at this point. (I’m currently trying to get Caddy v0.10.3 set up).

Does anything in my above caddy file seem off (see the pastebin link)? Does me using port 10443 instead of 443 for https explain why the auto-renew might have failed with let’sencrypt? I was reading the docs on caddy server, and it mentioned it needing to be on ports 80 and 443, but then didn’t give instructions for if I use No-IP as my DNS provider.

Also, I had error 429 instead of the OP’s error 400. Does that give any further insight into what my problem might be?

Edit:
Just made another attempt when I got home tonight, and now I’m getting error code 400. This is what it now says:

Activating privacy features…2017/05/26 19:52:08 too many renewal attempts; las
t error: acme: Error 400 - urn:acme:error:connection - Could not connect to [mydyndnshostname]
Error Detail:
Validation for [mydyndnshostname]:80
Resolved to:
[My External IP]
Used: [My External IP]

matt · May 27, 2017, 6:04am

If you use ports other than 80 or 443, you need to forward them – like, a raw forward using iptables – if you do any TLS termination or TLS-level forwarding, for example, that will break the ACME challenge on port 443. So that’s quite possible.

Caddy 0.10+ has new command line flags to disable certain challenges (not recommended) or to use other ports as the “HTTP” and “HTTPS” ports (see the cli docs).

429 is Too Many Requests; means you’re being rate limited. Actually same as the OP, but the 429 in his case was due to connection problems because bad DNS config.

Looks like port 80 on your machine is not accessible from external networks…

system · August 25, 2017, 6:04am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.