
[ Docker ] Let's Encrypt: Error creating new order :: too many certificates error

by YWTechIT 2022. 3. 4.

While deploying a server with Docker-compose, I was using Let's Encrypt, the widely used free certificate authority, to obtain an SSL (Secure Sockets Layer) certificate. Because I reissued the certificate several times while testing, the following error appeared and no more certificates were issued.

 

 

An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: <my-domain>: see https://letsencrypt.org/docs/rate-limits/

 

As the English message says, I requested too many certificates, so Let's Encrypt blocked further requests. The rate-limits page states "The main limit is Certificates per Registered Domain (50 per week)", so you can request up to 50 per week, and once you go over 50, a limit is applied so that you cannot make requests for one week, as in the screenshot.


In conclusion, since no more certificates can be issued, you have to keep using the existing certificate during the restriction period. I had been testing without backing up my certificate, so I had the bitter experience of having to wait a week. I only learned this afterwards, but if you are in a situation where you need to issue certificates more than 50 times, issue them against the staging-environment by passing the --dry-run command. Unlike the production-environment, the limits there are raised, as listed below, to the point where you do not have to worry about reissuing. The code-block below shows what the staging-environment is.

1. The Certificates per Registered Domain limit is 30,000 per week.
2. The Duplicate Certificate limit is 30,000 per week.
3. The Failed Validations limit is 60 per hour.
4. The Accounts per IP Address limit is 50 accounts per 3 hours per IP.

Of course, issuing against the staging-environment matters, but above all, back up the certificate once it has been issued by the production-environment, and use the backup certificate if issuance is no longer possible. Certificates obtained from the production-environment are usually stored in the `./certbot/live/<domain>` folder. If there is no live folder under ./certbot/, no domain certificate has been obtained yet, so refer to the docker-compose code below and obtain the certificate when you run docker-compose up.

# docker-compose.yml
version: "3"
services:
  certbot:
    image: certbot/certbot
    command: certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email <my-email.com> --agree-tos --no-eff-email -d <my-domain.com>
    volumes:
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/logs/:/var/log/letsencrypt
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
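
The backup step recommended above, as an added example that is not part of the original post. It assumes the volume mapping in the compose file above, where `./certbot/conf` holds `/etc/letsencrypt`; the function names and the backup directory are hypothetical. Certbot's `live/<domain>/*.pem` files are symlinks into `archive/`, so the whole directory is archived rather than `live/` alone.

```shell
#!/bin/sh
# Added example: back up and restore the certbot state directory.
# Assumption: ./certbot/conf is the host side of /etc/letsencrypt.
# Usage: backup_certs ./certbot/conf ./certbot-backup

# backup_certs <conf_dir> <backup_dir>: prints the archive path on success.
backup_certs() {
    conf_dir=$1; backup_dir=$2
    # Without live/ there is no issued certificate to save.
    [ -d "$conf_dir/live" ] || { echo "no live/ under $conf_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    archive="$backup_dir/letsencrypt-$(date +%Y%m%d-%H%M%S).tar.gz"
    # tar stores the live/ symlinks as symlinks, so they still point into
    # archive/ after a restore. umask 077 keeps the tarball, which contains
    # privkey.pem, readable by its owner only.
    ( umask 077 && tar -czf "$archive" -C "$conf_dir" . ) || return 1
    echo "$archive"
}

# restore_certs <archive> <conf_dir>: unpack a backup into an empty conf dir.
restore_certs() {
    archive=$1; conf_dir=$2
    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
    mkdir -p "$conf_dir" || return 1
    # Refuse to unpack over existing certbot state.
    [ -z "$(ls -A "$conf_dir")" ] || { echo "$conf_dir is not empty" >&2; return 1; }
    tar -xzf "$archive" -C "$conf_dir"
}
```

Run `backup_certs` right after the first successful production issuance and before any test runs, and keep the archive outside the directories that the containers mount.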

reference

  1. Let's encrypt docs: rate-limits
  2. Let's encrypt docs: staging-environment
๋ฐ˜์‘ํ˜•

๋Œ“๊ธ€