DuckDNS and Let's Encrypt not renewing certificate in HASS on Rasp Pi

HASS was working fine until the https certificate expired. I can see via the browser that the certificate was valid from 7/16 to 10/14. I have DuckDNS giving this error:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[02:57:43] INFO: KO
# INFO: Using main config file /data/workdir/config
Processing HIDDEN-duckdns.org
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 429)
Details:
HTTP/2 429 
server: nginx
date: Thu, 19 Nov 2020 02:57:54 GMT
content-type: application/problem+json
content-length: 201
boulder-requester: 91554456
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0004nn0xONXairicfBtUNVTl8cwZXCgltYggVt6zv5YFMws

{
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}

DuckDNS Configuration:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: a13bfad1-e433-48fc-9626-bdb7f50498b1
domains:
  - HIDDEN-duckdns.org
aliases: []
seconds: 300

configuration.yaml:

http:
  external_url: https://HIDDEN.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Port 8123 is open and directed towards the raspberry pi. I tried also opening 80, restarting the addon and the raspberry pi, as well as changing /ssl/fullchain.pem to fullchain.pem and doing the same for privkey.pem to no avail.

Any help would be greatly appreciated.

Thank you!

1 Like

Have you solved this?

I have the same issue.

I have exactly the same issue too