I found https://github.com/immers-space/guppe unable to start, each attempt erroring with:
AcmeRequest.requestError: (429 urn:ietf:params:acme:error:rateLimited Error creating new order :: too many failed authorizations recently)
Unfortunately, docker swarm had cycled through so many containers overnight that even the oldest ones in docker ps -a had failed with the 429, by the time I looked at is, so I was unable to observe the initial issue.
For now, I have it running again using the last provisioned cert by using a patched version of auto-encrypt that skips the renewal check (I was not able to simply use the certs with https.createServer as the certs were refused by browsers with an error indicating OCSP stapling was missing).
After a week passes for my LetsEncrypt rate limits to reset, I will attempt another renewal and see what happens.
Probably what's broken it is my load-balancing setup. I have pre-SSL-termination load balancing via Docker Swarm leading to 8 replicas of the Guppe server that use a shared volume for the certs. This works perfectly for loading and using existing certs, but I hadn't considered what would happen with renewal. Perhaps just hitting the rate limit immediately with 8 requests, or issues with 8 processes racing to write to the same disk location.
I found https://github.com/immers-space/guppe unable to start, each attempt erroring with:
```
AcmeRequest.requestError: (429 urn:ietf:params:acme:error:rateLimited Error creating new order :: too many failed authorizations recently)
```
Unfortunately, docker swarm had cycled through so many containers overnight that even the oldest ones in `docker ps -a` had failed with the 429, by the time I looked at is, so I was unable to observe the initial issue.
For now, I have it running again using the last provisioned cert by using a patched version of auto-encrypt that skips the renewal check (I was not able to simply use the certs with `https.createServer` as the certs were refused by browsers with an error indicating OCSP stapling was missing).
After a week passes for my LetsEncrypt rate limits to reset, I will attempt another renewal and see what happens.
Probably what's broken it is my load-balancing setup. I have pre-SSL-termination load balancing via Docker Swarm leading to 8 replicas of the Guppe server that use a shared volume for the certs. This works perfectly for loading and using existing certs, but I hadn't considered what would happen with renewal. Perhaps just hitting the rate limit immediately with 8 requests, or issues with 8 processes racing to write to the same disk location.