Let's Encrypt no longer works when Domain errors out #480

Closed
chaos234 opened this Issue Oct 12, 2017 · 2 comments

chaos234 commented Oct 12, 2017

When a Domain makes a request to Let's Encrypt and errors out it blocks other requests from other Domains.

This should be caught so that the request gets canceled after the 3rd error.
Each Block below is triggered 2-5 times and no, I did not change anything on my system.

System information

  • Froxlor version: $version/$gitSHA1
  • Web server: nginx/
  • DNS server: Bind
  • POP/IMAP server: Dovecot
  • SMTP server: postfix
  • FTP server: proftpd
  • OS/Version: Debian 8 (latest)

Log files/log entries

syslog:

Could not get Let's Encrypt certificate for xxx: Verification ended with error: {"identifier":{"type":"dns","value":"xxx"},"status":"invalid","expires":"2017-10-19T21:10:07Z","challenges":[{"type":"dns-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075798","token":"zS2FnhcdaMGXXLtJZ4YjIosXCKpUit0JzISXh9VMQVM"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE [2a00:f48:2000:affe:fe00::6]: 404","status":403},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075799","token":"qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE","keyAuthorization":"qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE.3mDRa2uuPrY4ScOuWLlHF_ivCTGS60U94exiwcaibNI","validationRecord":[{"url":"http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE","hostname":"xxx","port":"80","addressesResolved":["46.4.77.233","2a00:f48:2000:affe:fe00::6","2a00:f48:2000:affe:fe00::36","2a00:f48:2000:affe:fe00::33","2a00:f48:2000:affe:fe00::24"],"addressUsed":"2a00:f48:2000:affe:fe00::6","addressesTried":[]}]},{"type":"tls-sni-01","status":"pending","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/zW8QIEYuAoeeUlplOQqVtyZ5poyN-mDR-qYs398mUnk\/2191075800","token":"HQG-jONSRusu5NUMwBKA5bbGQeUnzrPxnA07yhg-8PY"}],"combinations":[[0],[1],[2]]}

letsencrypt Please check http://xxx/.well-known/acme-challenge/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/xxx\/.well-known\/acme-challenge\/qn08Bdi5V82VJ3302BhIThgsuLOBtJQhclbhJzxBIfE): failed to open stream: HTTP request failed! HTTP\/1.1 000 \r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":232}

Could not get Let's Encrypt certificate for xxx: No challenges received for 3d.yannickfelix.ml. Whole response: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many invalid authorizations recently.","status":429}
Member

d00p commented Oct 13, 2017

Well that's what the self-check is for (see https://github.com/Froxlor/Froxlor/blob/master/lib/classes/ssl/class.lescript.php#L229 ) before sending anything to Let's Encrypt. You seem to get a 404 error, maybe the selfcheck does not error on http results, I'll test

chaos234 commented Nov 19, 2017

Any responses to this problem?

Because a second Domain has this problem and errored out with a 404 that it cannot find the file :(

@d00p d00p closed this in 5540b02 Nov 27, 2017
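
The two safeguards discussed in this thread, a self-check that fails on any non-200 answer and a cap of three failed attempts per domain, sketched in PHP 8 as an added example (not part of the original thread, not Froxlor's code and not the fix in 5540b02). `httpFetch`, `selfCheck`, `FailureGate`, `MAX_FAILURES` and the `.example` domains are hypothetical names, and the failure counter is assumed to be persisted between cron runs in a real setup.

```php
<?php
// Added example, not Froxlor code; every name below is hypothetical.
const MAX_FAILURES = 3; // the issue asks to stop after the 3rd error

/** Real fetcher: returns [status, body]; status 0 means no HTTP response. */
function httpFetch(string $url): array
{
    $ctx = stream_context_create(['http' => ['ignore_errors' => true, 'timeout' => 5]]);
    $body = @file_get_contents($url, false, $ctx);
    $status = 0;
    foreach ($http_response_header ?? [] as $line) { // keep the last status line (redirects)
        if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $m)) {
            $status = (int) $m[1];
        }
    }
    return [$status, $body === false ? '' : $body];
}

/** Pass only if the token URL answers 200 with exactly the key authorization. */
function selfCheck(string $domain, string $token, string $keyAuth, callable $fetch): bool
{
    [$status, $body] = $fetch("http://{$domain}/.well-known/acme-challenge/{$token}");
    return $status === 200 && trim($body) === $keyAuth;
}

/** Counts consecutive failures per domain; in-memory here, persist it in practice. */
final class FailureGate
{
    private array $failures = [];
    public function allowed(string $domain): bool
    {
        return ($this->failures[$domain] ?? 0) < MAX_FAILURES;
    }
    public function record(string $domain, bool $ok): void
    {
        $this->failures[$domain] = $ok ? 0 : ($this->failures[$domain] ?? 0) + 1;
    }
}

// Constructed input: good.example serves the token, bad.example answers 404.
$fake = fn(string $url): array => str_contains($url, 'good.example')
    ? [200, "tok.thumb\n"] : [404, 'Not Found'];
$gate = new FailureGate();
for ($run = 1; $run <= 4; $run++) { // four simulated cron runs
    foreach (['bad.example', 'good.example'] as $d) {
        if (!$gate->allowed($d)) { echo "run $run: $d skipped\n"; continue; }
        $gate->record($d, $ok = selfCheck($d, 'tok', 'tok.thumb', $fake));
        echo "run $run: $d ", $ok ? "ready for ACME\n" : "self-check failed, CA not contacted\n";
    }
}
```

Passing `'httpFetch'` instead of `$fake` runs the same check against a live host. Because a failing domain never reaches the CA, it cannot add to the invalid-authorization count that produced the `rateLimited` response in the log above.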
