"Unable to update account :: too many contacts provided:"

With latest Trellis I have a new issue with Let’s Encrypt:

Unable to update account :: too many contacts provided: 21 > 10'

21 contacts with only 10 contacts allowed, that’s a very large discrepancy.

What does this mean, “too many contacts”? Isn’t only one contact used, the one of the webmaster?

Error while generating certificate for <redacted>
Traceback (most recent call last):
  File "/usr/local/letsencrypt/acme_tiny.py", line 198, in <module>
  File "/usr/local/letsencrypt/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/local/letsencrypt/acme_tiny.py", line 115, in get_crt
    account, _, _ = _send_signed_request(acct_headers['Location'], {"contact": contact}, "Error updating contact details")
  File "/usr/local/letsencrypt/acme_tiny.py", line 60, in _send_signed_request
    return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
  File "/usr/local/letsencrypt/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error updating contact details:
Url: https://acme-v02.api.letsencrypt.org/acme/acct/<redacted>
Response Code: 400
Response: {u'status': 400, u'type': u'urn:ietf:params:acme:error:malformed', u'detail': u'Unable to update account :: too many contacts provided: 31 > 10'}

Let’s Encrypt Boulder server validation code that throws this error:

Does Trellis/acme-tiny create an account per domain, reaching the Let’s Encrypt account creation rate limits?


So in the Trellis config, the variable for the Let’s Encrypt contact email was set using quotes, as a literal:
letsencrypt_contact_emails: "webmaster@example.com"
This resulted in incorrect interpolation when the Ansible playbook generated the renew_certs.py script file, with each letter becoming a mailto email address:

'--contact mailto:w mailto:e mailto:b mailto:m mailto:a mailto:s mailto:t mailto:e mailto:r mailto:@ mailto:e mailto:x [...]

The variable has to be a list:

letsencrypt_contact_emails:
  - webmaster@example.com

This can be overlooked, so Trellis should check/sanitize the variable to prevent these kinds of issues.
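The kind of check suggested above, as an added example that is not part of the original post and is not Trellis or acme-tiny code. The function names are hypothetical, and `naive_contact_args` only assumes that the generated script iterates over the configured value, which reproduces the per-letter `mailto:` output and the 21 contacts reported in the error.

```python
# Added example: not Trellis or acme-tiny code. Function names are hypothetical.
MAX_CONTACTS = 10  # limit quoted in the Let's Encrypt error on this page


def naive_contact_args(value):
    """Assumed shape of the faulty interpolation: iterate whatever was configured.

    A list yields one mailto: per address; a string yields one per character.
    """
    return "--contact " + " ".join("mailto:" + item for item in value)


def validated_contact_args(value):
    """Build the --contact argument only from a real list of e-mail addresses."""
    if isinstance(value, str):
        # The case from this thread: a quoted scalar instead of a YAML list.
        raise TypeError(
            "letsencrypt_contact_emails must be a list, got the string %r" % value
        )
    if not isinstance(value, (list, tuple)):
        raise TypeError("letsencrypt_contact_emails must be a list")
    contacts = []
    for item in value:
        looks_like_email = (
            isinstance(item, str)
            and item.count("@") == 1
            and not item.startswith("@")
            and not item.endswith("@")
            and not any(ch.isspace() for ch in item)
        )
        if not looks_like_email:
            raise ValueError("not an e-mail address: %r" % (item,))
        contacts.append("mailto:" + item)
    if len(contacts) > MAX_CONTACTS:
        raise ValueError(
            "too many contacts: %d > %d" % (len(contacts), MAX_CONTACTS)
        )
    return "--contact " + " ".join(contacts) if contacts else ""


if __name__ == "__main__":
    broken = "webmaster@example.com"      # quoted string, as in the faulty config
    fixed = ["webmaster@example.com"]     # YAML list, as in the corrected config
    print(naive_contact_args(broken))     # one mailto: per character
    print(validated_contact_args(fixed))  # one mailto: per address
```

Running the same validation before the script is generated makes the playbook fail on the misconfigured variable instead of failing later at the ACME server.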


