Error : Unable to obtain ACME certificate for domains

rodskie123 · March 7, 2022, 12:43pm

Trying to install n8n on my Virtualbox VM with CentOS and I encountered an error after executing the docker-compose up

traefik_1  | time="2022-03-07T12:39:47Z" level=error msg="Unable to obtain ACME certificate for domains \"n8n.testonly.link\": cannot get ACME client acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:rateLimited :: Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/" rule="Host(`n8n.testonly.link`)" providerName=mytlschallenge.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" [email protected]

Did anyone encountered this issue? Let me know TYIA

Jon · March 7, 2022, 12:51pm

Hey @rodskie123,

Looking at the error message it looks like Lets Encrypt is blocking your IP.

Error creating new account :: too many registrations for this IP: see Rate Limits - Let's Encrypt

Looking at the linked docs page it looks like you might have to wait a while before trying again

You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers. Exceeding these limits is reported with the error message too many registrations for this IP or too many registrations for this IP range.

I am not sure why they think you have hit a limit that would be a question for them but the first thing I can think of is maybe you are using a proxy and the IP for that has been used multiple times in the last 3 hours.

rodskie123 · March 7, 2022, 1:09pm

While checking on my configuration the only proxy that I saw is my port 443 it say my port 443 in use by docker-proxy, is there any work around to fix the issue I encountered?

rodskie123 · March 7, 2022, 1:36pm

heres my docker-compose.yml file content

version: "3"

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${DATA_FOLDER}/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/pdadmin/n8n-local-files/letsencrypt/acme.json

  n8n:
    image: n8nio/n8n
    restart: always
    ports:
           - "127.0.0.1:5678:5678"
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true

I tried to change - “–entrypoints.web.http.redirections.entryPoint.to=websecure” websecure to web still got same error. and add my acme.json file path on the volume but still same

rodskie123 · March 7, 2022, 1:38pm

also I change the letsencrypt folder ownership from root to myuse and check the acme.json content is it normally the “Certificates” value is “Null”?

   },
    "Certificates": null
  }

rodskie123 · March 7, 2022, 1:39pm

May I know if is it possible to install the n8n to virtualbox VM’s?

Jon · March 7, 2022, 2:09pm

Hey @rodskie123,

There is no reason for it to not work on Virtual Box that I can think of, The proxy was more of a question around your setup and your access to the internet. Sadly though as your IP was blocked by Lets Encrypt there is not really anything we can do as we don’t control that service.

I would wait 3 hours before trying again or you will just keep increasing the time you are blocked for

rodskie123 · March 8, 2022, 3:20am

May I know if there is any guide on how to install n8n on centOS? I guess the issue is DNS maybe? since I haven’t setup it online. do you have recommendation that I can setup my DNS only in my server without configuring online or availing some hosting?

Most of the tutorials in youtube they are all using hosting to setup DNS…

rodskie123 · March 8, 2022, 4:54am

I tried the docker deployment and it works I can access now the n8n localhost.

Jon · March 8, 2022, 10:01am

That is good to hear, So if you want to access your instance from the outside world you don’t need DNS but it helps if you want to use an HTTPS certificate that services will trust. You would need to set up port forwarding on your router to set a route to the internal machine that is running n8n.

The other option would be to use something like ngrok to handle the port forwarding and everything for you but I don’t have instructions on how to take that approach.

What I did for my home setup was to buy a domain name (I used Namecheap but other options are available), I then set up a reverse proxy and pointed port 80 and port 443 on my router to the IP of the machine running the proxy. In Namecheap I set up an A record to point to my public IP and from there everything just works.

There are other routes and options you can take it all depends on what you are comfortable doing, You could also use the n8n Desktop option if you are happy to keep the machine running or n8n Cloud.

rodskie123 · March 8, 2022, 10:43am

Thank you for your inputs jon, for now my priority is to install and familiarize the features of n8n on my server without other setup like port forwarding and DNS. Currently I deploy the n8n in my server with CentOS, may I know if is there other option to fix this issue without certificates?

Jon · March 8, 2022, 11:21am

Hey @rodskie123,

You could set the Webhook URL to match the IP of the VM but this is going to restrict what you can do but as long as you are only dealing with outbound connecting you will be fine.