Ghost setup ssl : One or more errors occurred.

2 minute de lecture
Par Stéphane
Ghost setup ssl : One or more errors occurred.

After entering the command : ghost setup ssl and entering my email, the following command is issued by the script :

+ sudo /etc/letsencrypt/ --issue --home /etc/letsencrypt --domain --webroot /var/www/ghost/ --reloadcmd "nginx -s reload" --accountemail [email protected]

But an error is output :

✖ Setting up SSL
One or more errors occurred.

1) ProcessError

What's a bit weird is that :

[Sun 30 May 2021 11:58:46 PM CEST] Lets finalize the order.
[Sun 30 May 2021 11:58:46 PM CEST] Le_OrderFinalize=''

Exit code: 1

Debug Information:
    OS: Ubuntu, v20.04.2 LTS
    Node Version: v14.17.0
    Ghost Version: 4.6.4
    Ghost-CLI Version: 1.17.3
    Environment: production
    Command: 'ghost setup ssl'

I ran the /etc/letsencrypt/ myself, and here is what I found :

[Mon 31 May 2021 12:00:35 AM CEST] Le_LinkOrder
[Mon 31 May 2021 12:00:35 AM CEST] Le_OrderFinalize
[Mon 31 May 2021 12:00:35 AM CEST] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see",
  "status": 429

What ? I'm being rateLimited ???

Well, this is actually very well documented by Let's Encrypt :

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently.

And also there

We highly recommend testing against our staging environment before using our production environment. This will allow you to get things right before issuing trusted certificates and reduce the chance of your running up against rate limits.

Note that this page has just been updated (7 days ago).

So, do not issue ghost setup ssl too many times, unless you know that it'work.

But, of course, there is Murphy's law... that's why you have 5 retries within an hour I guess.