SSL Is rate limited and I want to install cloudflare

aziz

NET::ERR_CERT_AUTHORITY_INVALID

And my console when I renew the cert

checkCerts
Oct 22 18:14:15 box:settings initCache: pre-load settings
Oct 22 18:14:15 box:taskworker Starting task 73. Logs are at /home/yellowtent/platformdata/logs/tasks/73.log
Oct 22 18:14:15 box:tasks 73: {"percent":2,"error":null}
Oct 22 18:14:15 box:tasks 73: {"percent":1,"message":"Ensuring certs of my.devz.cloud"}
Oct 22 18:14:15 box:reverseproxy ensureCertificate: my.devz.cloud certificate already exists at /home/yellowtent/platformdata/nginx/cert/.devz.cloud.key
Oct 22 18:14:15 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert notAfter=Jan 17 18:27:23 2022 GMT daysLeft=87.1341194675926
Oct 22 18:14:15 box:reverseproxy providerMatchesSync: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert subject=CN = .devz.cloud domain=.devz.cloud issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Oct 22 18:14:15 box:tasks 73: {"percent":26,"message":"Ensuring certs of test.devz.cloud"}
Oct 22 18:14:15 box:reverseproxy ensureCertificate: test.devz.cloud certificate already exists at /home/yellowtent/platformdata/nginx/cert/.devz.cloud.key
Oct 22 18:14:15 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert notAfter=Jan 17 18:27:23 2022 GMT daysLeft=87.13411917824074
Oct 22 18:14:15 box:reverseproxy providerMatchesSync: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert subject=CN = .devz.cloud domain=.devz.cloud issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Oct 22 18:14:15 box:tasks 73: {"percent":51,"message":"Ensuring certs of devz.cloud"}
Oct 22 18:14:15 box:reverseproxy ensureCertificate: devz.cloud cert does not exist
Oct 22 18:14:15 box:reverseproxy ensureCertificate: getting certificate for devz.cloud with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"faziz4911@outlook.sa"}
Oct 22 18:14:15 box:cert/acme2 getCertificate: attempt 1
Oct 22 18:14:15 box:cert/acme2 getCertificate: start acme flow for devz.cloud from https://acme-v02.api.letsencrypt.org/directory
Oct 22 18:14:15 box:cert/acme2 registerUser: registering user
Oct 22 18:14:15 box:cert/acme2 sendSignedRequest: using nonce 0101jF-st20zZzi6eL2phy-mDC85Wq9U5cCzJQcZuEHcwqE for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Oct 22 18:14:15 box:cert/acme2 registerUser: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:15 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/208177800 email: faziz4911@outlook.sa
Oct 22 18:14:15 box:cert/acme2 sendSignedRequest: using nonce 0102u0gtzaL0GPDx-hTQy6P2_uV4HfRwl4Su7P06KNr5Nxk for url https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:16 box:cert/acme2 updateContact: contact of user updated to faziz4911@outlook.sa
Oct 22 18:14:16 box:cert/acme2 newOrder: devz.cloud
Oct 22 18:14:16 box:cert/acme2 sendSignedRequest: using nonce 0102srJGvBOG3Hiacset3kFi-JTG005puX3LnSkHiHOPk5E for url https://acme-v02.api.letsencrypt.org/acme/new-order
Oct 22 18:14:16 box:cert/acme2 getCertificate: attempt 2
Oct 22 18:14:16 box:cert/acme2 getCertificate: start acme flow for devz.cloud from https://acme-v02.api.letsencrypt.org/directory
Oct 22 18:14:16 box:cert/acme2 registerUser: registering user
Oct 22 18:14:16 box:cert/acme2 sendSignedRequest: using nonce 0102oMuXu5-pT-j0HLeGauy1X9XE18lmoQAK_TBll-yO_XE for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Oct 22 18:14:16 box:cert/acme2 registerUser: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:16 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/208177800 email: faziz4911@outlook.sa
Oct 22 18:14:16 box:cert/acme2 sendSignedRequest: using nonce 0101drspmA_ZPCI7tFz67SrIb_nY7aBQk63HbcQFIC31RxM for url https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:17 box:cert/acme2 updateContact: contact of user updated to faziz4911@outlook.sa
Oct 22 18:14:17 box:cert/acme2 newOrder: devz.cloud
Oct 22 18:14:17 box:cert/acme2 sendSignedRequest: using nonce 0102ey8bannQy2_xDWaA3rW7F6cwBLwj8Zd4qyLtCu2cfhs for url https://acme-v02.api.letsencrypt.org/acme/new-order
Oct 22 18:14:17 box:cert/acme2 getCertificate: attempt 3
Oct 22 18:14:17 box:cert/acme2 getCertificate: start acme flow for devz.cloud from https://acme-v02.api.letsencrypt.org/directory
Oct 22 18:14:17 box:cert/acme2 registerUser: registering user
Oct 22 18:14:17 box:cert/acme2 sendSignedRequest: using nonce 0101PpaQFUOLybXOQGhg3U0YKY3h_MPRPKt9nLICiui45vo for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Oct 22 18:14:17 box:cert/acme2 registerUser: user registered keyid: https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:17 box:cert/acme2 updateContact: registrationUri: https://acme-v02.api.letsencrypt.org/acme/acct/208177800 email: faziz4911@outlook.sa
Oct 22 18:14:18 box:cert/acme2 sendSignedRequest: using nonce 0102JJhn_Gcpw3O0nhYKxGZeoz9tLmaKZiClpagbTGjLraQ for url https://acme-v02.api.letsencrypt.org/acme/acct/208177800
Oct 22 18:14:18 box:cert/acme2 updateContact: contact of user updated to faziz4911@outlook.sa
Oct 22 18:14:18 box:cert/acme2 newOrder: devz.cloud
Oct 22 18:14:18 box:cert/acme2 sendSignedRequest: using nonce 0102ryT8-GhcAKp4JxM5lIXLEeyIm-1wTajNBBLwgGwOhao for url https://acme-v02.api.letsencrypt.org/acme/new-order
Oct 22 18:14:18 box:reverseproxy ensureCertificate: error: Failed to send new order. Expecting 201, got 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRyFTLRNyDmT1a1boZVcertificates (5) already issued for this exact set of domains in the last 168 hours: devz.cloud: see https://letsencrypt.org/docs/rate-limits/","status":429} cert: /home/yellowtent/platformdata/nginx/cert/devz.cloud.cert
Oct 22 18:14:18 box:reverseproxy ensureCertificate: renewal of devz.cloud failed. using fallback certificates for devz.cloud
Oct 22 18:14:18 box:tasks 73: {"percent":76,"message":"Ensuring certs of forum.devz.cloud"}
Oct 22 18:14:18 box:reverseproxy ensureCertificate: forum.devz.cloud certificate already exists at /home/yellowtent/platformdata/nginx/cert/.devz.cloud.key
Oct 22 18:14:18 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert notAfter=Jan 17 18:27:23 2022 GMT daysLeft=87.13407695601852
Oct 22 18:14:18 box:reverseproxy providerMatchesSync: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert subject=CN = .devz.cloud domain=.devz.cloud issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=true/true prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Oct 22 18:14:18 box:reverseproxy renewCerts: Renewed certs of []
Oct 22 18:14:18 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/.devz.cloud.cert notAfter=Jan 17 18:27:23 2022 GMT daysLeft=87.13407671296297
Oct 22 18:14:18 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Nov 26 18:09:20 2023 GMT daysLeft=765.1215419097222
Oct 22 18:14:18 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/devz.cloud.host.cert notAfter=Dec 28 19:26:58 2023 GMT daysLeft=797.1754538657408
Oct 22 18:14:18 box:taskworker Task took 3.816 seconds
Oct 22 18:14:18 box:tasks setCompleted - 73: {"result":[null,null],"error":null}
Oct 22 18:14:18 box:tasks 73: {"percent":100,"result":[null,null],"error":null}

I see it like it's ratelimit so i need cloudflare how do i setup it when I wanted to it keep redirect until the browser stops me

nebulon

@aziz this may be some other bug actually as the logs indicate you have a valid certificate already, yet then goes on and tries to get a fresh one, despite the old one being valid for another 87 days. If this bug is hit in a loop I can see how you hit the rate-limit. Maybe this is a permission issue on your instance. Not sure, if you want, enable remote ssh support https://docs.cloudron.io/support/#remote-support and if you do, send us a mail to support@cloudron.io with your dashboard domain.

girish

@aziz So, certificate for *.devz.cloud is already there, so if you install apps on subdomain it will work. Cert for devz.cloud (it is not a subdomain, so we have to get a separate cert from the wildcard cert) is getting rate limited.

You can just wait for 2-3 days to install an app on the bare domain and that should work. You should be able to install apps in subdomains in the meantime.