caddy: LE: Rate limiting woes: some certificates not saved

I run a multi-host setup but I didn’t know about Let’s Encrypt’s public beta rate limits, so the first time I ran Caddy 0.8 it failed for some of the domains that have several subdomains:

[subdom.example.com] failed to get certificate: acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: Too many certificates already issued for: example.com

This happened even if I pruned the list to be within the acceptable limits. However, I still receive the same error messages, and it seems it’s because Caddy saves one certificate for each domain name it sees, but only saves these if there were no errors at all. So the first time I ran Caddy it apparently registered as many domains as it could, but didn’t save any of these due to some errors from Let’s Encrypt. Now Let’s Encrypt refuses to create more subdomains because it thinks it has already created them, but Caddy hasn’t saved them anywhere.

Caddy managed to save two certificates from a third run, and it seems indeed that it requests one certificate for each domain it sees.

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 15 (3 by maintainers)
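
The failure mode the issue describes, as an added example that is not Caddy's code and not part of the original thread: saving certificates only when the whole batch succeeds loses certificates whose quota is already spent, while saving each one as it is issued keeps them and lets a retry skip them. `fakeCA`, `allOrNothing`, `incremental`, the domain names and the quota of 2 are all hypothetical and constructed for the illustration.

```go
package main

import "fmt"

// Constructed stand-in for the ACME 429 rateLimited error quoted in the issue.
var errRateLimited = fmt.Errorf("urn:acme:error:rateLimited")

// fakeCA (hypothetical) issues at most limit certs; each issuance spends quota.
type fakeCA struct{ issued, limit int }

func (ca *fakeCA) obtain(domain string) (string, error) {
	if ca.issued >= ca.limit {
		return "", fmt.Errorf("[%s] %w", domain, errRateLimited)
	}
	ca.issued++
	return "cert-for-" + domain, nil
}

// allOrNothing returns certs to save only if every domain succeeded.
func allOrNothing(ca *fakeCA, domains []string) (map[string]string, error) {
	pending := map[string]string{}
	for _, d := range domains {
		cert, err := ca.obtain(d)
		if err != nil {
			return nil, err // issued certs are dropped, their quota is already spent
		}
		pending[d] = cert
	}
	return pending, nil
}

// incremental persists each cert as issued and skips names already stored.
func incremental(ca *fakeCA, domains []string, store map[string]string) (errs []error) {
	for _, d := range domains {
		if _, ok := store[d]; ok {
			continue
		}
		if cert, err := ca.obtain(d); err != nil {
			errs = append(errs, err)
		} else {
			store[d] = cert
		}
	}
	return errs
}

func main() {
	ca, store := &fakeCA{limit: 2}, map[string]string{}
	fmt.Println(incremental(ca, []string{"a.example.com", "b.example.com", "c.example.com"}, store), store)
}
```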

Most upvoted comments

The rate limit error showed up to me on my first try using Let’s Encrypt too. It has nothing to do with Caddy. As a temporary solution, disable IPv6 with:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1

issue your Let’s Encrypt certificate,

and re-enable IPv6 with:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0

The above works on Ubuntu/Debian.