I am unable to deploy to AWS using CloudFormation today. I have done this many times in the past, but it’s not working today. I first tried with the new version 2.13.0. The deploy completed successfully but I wasn’t able to ping the server.
I then tried with version 2.12.0 which has worked many times for me. With that version the deploy fails. It looks like there’s a rate limiting issue with letsencrypt. But this is the only place I’m using this domain and I only have the one CloudFormation stack which failed.
Here is the content from the deployment log file…
TASK [nginx : Create letsencrypt certificate] **********************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "letsencrypt certonly -n --webroot -w /var/www/html -m ###@###.com --agree-tos -d ###.app", "delta": "0:00:01.164890", "end": "2020-04-26 03:06:44.152501", "msg": "non-zero return code", "rc": 1, "start": "2020-04-26 03:06:42.987611", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator webroot, Installer None\nObtaining a new certificate\nAn unexpected error occurred:\nThere were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: ###.app: see https://letsencrypt.org/docs/rate-limits/\nPlease see the logfiles in /var/log/letsencrypt for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Plugins selected: Authenticator webroot, Installer None", "Obtaining a new certificate", "An unexpected error occurred:", "There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: ###.app: see https://letsencrypt.org/docs/rate-limits/", "Please see the logfiles in /var/log/letsencrypt for more details."], "stdout": "IMPORTANT NOTES:\n - Your account credentials have been saved in your Certbot\n configuration directory at /etc/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.", "stdout_lines": ["IMPORTANT NOTES:", " - Your account credentials have been saved in your Certbot", " configuration directory at /etc/letsencrypt. You should make a", " secure backup of this folder now. This configuration directory will", " also contain certificates and private keys obtained by Certbot so", " making regular backups of this folder is ideal."]}
RUNNING HANDLER [nginx : restart nginx] ****************************************
PLAY RECAP *********************************************************************
localhost : ok=18 changed=12 unreachable=0 failed=1 skipped=15 rescued=0 ignored=0
Cloud-init v. 19.4-33-gbb4131a2-0ubuntu1~18.04.1 running 'modules:final' at Sun, 26 Apr 2020 03:04:10 +0000. Up 46.12 seconds.
2020-04-26 03:06:44,326 - util.py[WARNING]: Failed running /var/lib/cloud/instance/scripts/part-001 [2]
2020-04-26 03:06:44,347 - cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)
2020-04-26 03:06:44,358 - util.py[WARNING]: Running module scripts-user (<module 'cloudinit.config.cc_scripts_user' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_scripts_user.py'>) failed
Cloud-init v. 19.4-33-gbb4131a2-0ubuntu1~18.04.1 finished at Sun, 26 Apr 2020 03:06:44 +0000. Datasource DataSourceEc2Local. Up 199.70 seconds
And the letsencrypt log file has…
2020-04-26 03:06:44,112:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 429 236
2020-04-26 03:06:44,113:DEBUG:acme.client:Received response:
HTTP 429
Server: nginx
Date: Sun, 26 Apr 2020 03:06:44 GMT
Content-Type: application/problem+json
Content-Length: 236
Connection: keep-alive
Boulder-Requester: 84472909
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00027NaV0UXSqqrIQG1Q4MNBw_TIirtWnCQ79Pxczb8VOnA

{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates already issued for exact set of domains: ###.app: see Rate Limits - Let's Encrypt",
"status": 429
}
2020-04-26 03:06:44,113:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 11, in
    load_entry_point('certbot==0.27.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1254, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 366, in _get_order_and_authorizations
    orderr = self.acme.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 889, in new_order
    return self.client.new_order(csr_pem)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 672, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 96, in _post
    return self.net.post(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1204, in post
    return self._post_once(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1218, in _post_once
    response = self._check_response(response, content_type=content_type)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 1073, in _check_response
    raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: ###.app: see Rate Limits - Let's Encrypt
2020-04-26 03:06:44,114:ERROR:certbot.log:An unexpected error occurred:
2020-04-26 03:06:44,114:ERROR:certbot.log:There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains: ###.app: see Rate Limits - Let's Encrypt
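Added example, not part of the original post and not certbot's own code: a small Python scanner that pulls ACME problem documents out of a certbot debug log like the one above and flags the "exact set of domains" rate limit. The sample log is constructed from the post with a placeholder domain; the function names and the comma-separated domain list are assumptions.

```python
import json
import re
# Constructed sample modelled on the certbot debug log in the post (placeholder domain).
SAMPLE_LOG = '''\
2020-04-26 03:06:44,113:DEBUG:acme.client:Received response:
HTTP 429
Content-Type: application/problem+json

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates already issued for exact set of domains: example.app: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
2020-04-26 03:06:44,113:DEBUG:certbot.log:Exiting abnormally:
'''

ACME_ERROR_PREFIX = "urn:ietf:params:acme:error:"
EXACT_SET = re.compile(r"exact set of domains: (.+?): see ")

def find_acme_problems(log_text):
    """Return every ACME problem document (JSON error body) embedded in the log."""
    decoder = json.JSONDecoder()
    problems = []
    pos = log_text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(log_text, pos)
        except ValueError:
            pos = log_text.find("{", pos + 1)  # not JSON here, try the next brace
            continue
        if isinstance(obj, dict) and str(obj.get("type", "")).startswith(ACME_ERROR_PREFIX):
            problems.append(obj)
        pos = log_text.find("{", end)
    return problems

def classify(problem):
    """Summarise a problem document and flag the 'exact set of domains' limit."""
    kind = problem["type"][len(ACME_ERROR_PREFIX):]
    m = EXACT_SET.search(problem.get("detail", ""))
    return {
        "error": kind,
        "status": problem.get("status"),
        "exact_set_limit": kind == "rateLimited" and m is not None,
        # Assumption: multiple names in the detail string are comma-separated.
        "domains": [d.strip() for d in m.group(1).split(",")] if m else [],
    }

if __name__ == "__main__":
    for p in find_acme_problems(SAMPLE_LOG):
        print(classify(p))
```

Running this over /var/log/letsencrypt/letsencrypt.log before retrying a deploy shows whether a failure is this rate limit rather than a webroot or DNS problem.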