tobychui
[BUG] letsencrypt too many registrations for this ip
Describe the bug getting this: https://letsencrypt.org/docs/too-many-registrations-for-this-ip/
clean install alpine lxc from tteck on proxmox (and bit of init.d magic-spent about 2 hours on 'root directory' so zoraxy does not store in root directory"/") i have about 17 hosts on one domain to redirect,worked fine for caddy
To Reproduce create more than 10 certificates from letsencrypt(within time limit of 3 hours)
Additional context problem seems to be not reusing login/account data for acme (i did not find stored acme data)
@Korenchkin You have hit the rate limit by Let's Encrypt. You can use wildcard certificate with DNS challenge or put all the subdomains / hostname into a single certificate (i.e. generate certificate with multiple subdomains, separated by comma like sub1.example.com,sub2.example.com, (and the rest of your 17 host names).
If you are migrating from Caddy to Zoraxy (which we usually recommend advance users to move from Zoraxy to Caddy instead), you do not generate a set of new certificates. Instead, you should migrate the certificate from your old setup to the new one following this guide here.
This i understand and i had imported rest of the certificates,but in the end this bug remains,you seem to create new letsencrypt login for each certificate,otherwise i would have 1 or 2 new registration (i was testing) on my ip...
what happens on renew if i have 20 certificates ending at the same time?renew 10,fails rest and retry next day?
I.e. no cached login means new registration for each certificate,cached login means one registration for 20 certificates and no problem(or other limits might apply,but probably much higher)
Or do i understand it wrong how letsencrypt work?
@Korenchkin I don't know what do you mean by login. You do not need to login to anything to use Let's Encrypt. If you have 20 sites that needed to be served over TLS / HTTPS, use a cert that contains multiple hostname (SAN certificate). Zoraxy support generating SAN certificate via Lets Encrypt so I am not sure what is your problem here.
you don't need login,but you should use it once you get it,if you try caddy for example,create some server and find /|grep 'servername' to locate,where it is,in the same location (for me /var/lib/caddy/.local/share/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/'email'/'namebefore@'. json and key,this is your login if you create new login (i believe you create,maybe without knowing it) for each certificate,you hit limit after 10 certificates(10 new logins) key is just small ~200bytes private key
edit: in caddy i have one name per certificate,i prefer it for security reasons(if you look on certificate,you don't know what other servers i have)
Hmmm, Lets ping the ACME module author and ask for his opinion @yeungalan .
Hi, it sounds like you hit Let's Encrypt's registration limit. Which is 10 accounts per IP address every 3 hours, to reduce the amount of repeated registration you may try to merge your domains into a single certificate and that should resolve your issue
https://letsencrypt.org/docs/too-many-registrations-for-this-ip/
