Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Letsencrypt rateLimited 429 error
See original GitHub issueMup version 1.5.2 (but I got this error around 4 days ago on 1.5.0.
Mup config
{
"servers": {
"one": {
"host": "1.2.3.4",
"username": "root",
"pem": "~/.ssh/pem"
}
},
"app": {
"name": "my-app",
"path": "../",
"servers": {
"one": {}
},
"buildOptions": {
"serverOnly": true
},
"env": {
"ROOT_URL": "https://subdomain.subdomain.host.com",
"MONGO_URL": "mongodb://mongodb:27017/my-app",
"MONGO_OPLOG_URL": "mongodb://mongodb/local",
"VIRTUAL_HOST": "subdomain.subdomain.host.com",
"HTTPS_METHOD": "redirect",
"LETSENCRYPT_HOST": "subdomain.subdomain.host.com",
"LETSENCRYPT_EMAIL": "email@domain.com",
"VIRTUAL_PORT": 3000,
"HTTP_FORWARDED_COUNT": 1
},
"docker": {
"image": "abernix/meteord:node-12.16.1-base",
"stopAppDuringPrepareBundle": true,
"imagePort": 3000,
"args": [
"--link=mongodb:mongodb"
]
},
"enableUploadProgressBar": true,
"type": "meteor"
},
"mongo": {
"version": "4.4",
"servers": {
"one": {}
},
"dbName": "eshs-inspection"
},
"proxy": {
"domains": "subdomain.subdomain.host.com",
"ssl": {
"letsEncryptEmail": "email@domain.com",
"forceSSL": true
}
}
}
Output of command (mup proxy logs-le)
[104.248.95.147]2020/12/04 10:06:16 Received event die for container d97c429c4478
[104.248.95.147]2020/12/04 10:06:16 Debounce minTimer fired
[104.248.95.147]2020/12/04 10:06:16 Generated '/app/letsencrypt_service_data' from 3 containers
[104.248.95.147]2020/12/04 10:06:16 Running '/app/signal_le_service'
[104.248.95.147]Sleep for 3600s
[104.248.95.147]2020/12/04 10:06:17 Received event start for container 4b5296f95038
[104.248.95.147]2020/12/04 10:06:18 Debounce minTimer fired
[104.248.95.147]2020/12/04 10:06:18 Generated '/app/letsencrypt_service_data' from 4 containers
[104.248.95.147]2020/12/04 10:06:18 Running '/app/signal_le_service'
[104.248.95.147]Creating/renewal subdomain.subdomain.host.com certificates... (subdomain.subdomain.host.com)
[104.248.95.147][Fri Dec 4 10:06:20 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[104.248.95.147][Fri Dec 4 10:06:20 UTC 2020] Single domain='subdomain.subdomain.host.com'
[104.248.95.147][Fri Dec 4 10:06:20 UTC 2020] Getting domain auth token for each domain
[104.248.95.147][Fri Dec 4 10:06:22 UTC 2020] Create new order error. Le_OrderFinalize not found. {
[104.248.95.147] "type": "urn:ietf:params:acme:error:rateLimited",
[104.248.95.147] "detail": "Error creating new order :: too many certificates already issued for exact set of domains: subdomain.subdomain.host.com: see https://letsencrypt.org/docs/rate-limits/",
[104.248.95.147] "status": 429
[104.248.95.147]}
[104.248.95.147][Fri Dec 4 10:06:22 UTC 2020] Please check log file for more details: /dev/null
[104.248.95.147]Sleep for 3600s
What I found on the letsencrypt site is that the limit is set to 5 times a week. This is for renewing the ssl certificate and from what I read this is only done once a month by Meteor up.
I haven’t had this issue with previous projects, but I have my suspection of why this could be happening. In the past 2 weeks I changed two things for deploying with Meteor up.
Because of the bug I now have to switch back to an older version (12.18.3) using nvm to get it to deploy. This might be a reason why it’s trying to refresh the domain everytime. I also implemented a simple bash script that would do these steps for me, because I kept forgetting about switching the nvm version back.
This is the bash script I used to deploy the project:
#!/bin/bash
export NVM_DIR=$HOME/.nvm;
source $NVM_DIR/nvm.sh;
cd .mup-beta
nvm use 12.18.3
echo 'Deploying from:'
echo $PWD
mup setup
mup deploy
echo 'Finished Deployment!'
I am hoping that this can get fixed soon, because it’s currently breaking my application for showing the following error:
subdomain.subdomain.host.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
The app is running on the new .app from google, so it is also not accessible without https. I have currently switched to a new subdomain and have been able to deploy there without any issues, but I’m worried the same issue will reappear again after deploying too often.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:13 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Thanks for finding the cause. This is fixed in Mup 1.5.3.
@fabian-aramendi I was able to get everything back online thanks to your guide! For others who have mup installed as a global package, you need to make the changes in the following location: ~/.nvm/versions/node/Your node version/lib/node_modules/mup
You can find this location by typing npm root -g in your terminal.
For me the files were also in a lib folder instead of the src folder you mentioned, but it all worked out well.
Reading from the change logs from the nginx-proxy-companion it seems like they released a 2.0 version without backwards compatibility for some parts which caused the issues.