Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

  • My server hasn't been able to renew certificates for any subdomains for my primary one. All fail with the following error for over a week. I thought that by this time any rate limiting on LetsEncrypt side would have resolved so wondering if something else might be wrong.

    Failed to new certs of Failed to register user. Expecting 201, got 429 undefined. Renewal will be retried in 12 hours
  • Staff

    There was recently an announcement about a change in Let's Encrypt - .

    429 error does mean too many certs/rate limit. Are you using wild card certs or normal domain certs? If you use Cloudron DNS integration you will be using wildcard certs and you shouldn't be hitting this limit.

    @adrw If you go to domains -> Renew all certs, can you send us the logs after it's done ? (

  • Thanks @girish , just emailed the logs! Very much appreciate your help!

  • Staff

    The error seen from the logs is CAA record for * prevents issuance. A CAA record is a special DNS record which authorizes CAs to issue certs for the domain.

    In your case, your top level has a CNAME record to which it turns has CAA records. Try this:

    $ host -t CAA is an alias for has CAA record 0 issue "" has CAA record 0 issue "" has CAA record 0 issuewild ""

    So, issuing wildcard certs for letsencrypt is disabled. This is why it doesn't renew (maybe you didn't have this CNAME record when you setup cloudron).

    Finally, having a CNAME at the top level domain is not a good practice. It essentially aliases the full domain to something else. Which means that subdomain like may not resolve properly. Please see - Maybe you can alias/CNAME instead to github.

  • Thanks for the thorough reply @girish , I've updated my DNS accordingly and the certificates renewed! I'll figure something out with the Github Pages (or self host on Cloudron!)