Windows Server, Cloudflare DNS Auth / Challenge


(No) #1

Hey all,

(Windows Server 2016)

I’m sure there’s something obvious I’m doing wrong here. All worked fine before Caddy tried to auto-renew my cert, which is when I realised I needed to update to the newest version; however, now I’m having issues getting it to do DNS auth using Cloudflare (I can request one fine using the Certify the Web GUI).

I’ve added the Cloudflare API / email environment variables and I’m no longer getting that error; however, when I run Caddy, it goes off to “obtain a SAN certificate”, which fails as I’ve been rate limited. However, this shouldn’t be the case, as I can request one via the Cloudflare API with CTW without any errors.

I can’t work out why it’s not using the Cloudflare DNS auth / challenge.

C:\caddy>caddy.exe
Activating privacy features… 2019/03/08 15:19:14 [INFO] [xxx.domain.com] acme: Trying renewal with 162 hours remaining
2019/03/08 15:19:14 [INFO] [xxx.domain.xxxx acme: Obtaining bundled SAN certificate
2019/03/08 15:19:25 [INFO] [xxx.domain.xxx] acme: Trying renewal with 162 hours remaining
2019/03/08 15:19:25 [INFO] [xxx.domain.xxx acme: Obtaining bundled SAN certificate
2019/03/08 15:19:35 too many renewal attempts; last error: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

Here’s my Caddyfile:

xxx.domain.com {
gzip
proxy /xxxx localhost:7878
proxy /xxxxxx localhost:5000
proxy /xxxxx localhost:8081 {

tls {
dns cloudflare
} {
transparent

}

cors

}

Any help much appreciated!


(Matthew Fay) #2

The link there (for the rate limits) will be pretty helpful.

It looks like you’ve hit the validation failure limit (5 per domain per hour).
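
An added example, not part of either post: a Caddy v1 site block with the DNS challenge configured at the site level and the Let's Encrypt staging CA selected while debugging, so further failed validations do not count against the production limit linked above. It assumes Caddy v1 syntax (where `tls` is a site-level directive), a binary built with the `tls.dns.cloudflare` plugin, and the `CLOUDFLARE_EMAIL` and `CLOUDFLARE_API_KEY` environment variables; the hostname and paths are the thread's own placeholders.

```caddyfile
# Added example (Caddy v1 syntax); hostname and paths are the thread's placeholders.
# Assumes CLOUDFLARE_EMAIL and CLOUDFLARE_API_KEY are set in the environment
# of the process that starts caddy.exe, and that the binary was built with
# the tls.dns.cloudflare plugin.
xxx.domain.com {
    gzip
    cors

    # tls sits at the site level, as a sibling of the proxy directives.
    tls {
        # Solve the ACME DNS-01 challenge through the Cloudflare API.
        dns cloudflare
        # Debugging only: use the Let's Encrypt staging CA so failed
        # validations do not count against the production rate limits.
        # Staging certificates are not browser-trusted; remove this line
        # once issuance succeeds.
        ca https://acme-staging-v02.api.letsencrypt.org/directory
    }

    proxy /xxxx localhost:7878
    proxy /xxxxxx localhost:5000
    proxy /xxxxx localhost:8081 {
        transparent
    }
}
```

On Windows, variables added through System Properties are only visible to processes started afterwards, so open a new console (or restart the service) before running caddy.exe.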