v2.16 & LE API v2: ERROR curl […] returned nothing #483

Closed
killerbees19 opened this issue Jan 22, 2020 · 2 comments

@killerbees19
Contributor

More than 16 hosts in $SANS are throwing mysterious errors. Could not create or renew such certificates. Reproducible under new working directory with new LE account and with different domains.

~/getssl.src/git/getssl -d -U -w ~/.getssl-v2-debug/ -f le-v2-debug.fnx.li

[…]

primary_ns ns.domrobot.com
Verifying san-01.le-v2-debug.fnx.li
 
url https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345563
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345572
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345573
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345574
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345575
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345576
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345577
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345578
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345579
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345580
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345581
 
nonce 0002KNwaNH_K6a1lBXiTNg9XsG192Bo-li-EUXzJinn0JnY
 
using KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/12181909
 
protected = {"alg": "RS256", "kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/12181909","nonce": "0002KNwaNH_K6a1lBXiTNg9XsG192Bo-li-EUXzJinn0JnY", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345563
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345572
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345573
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345574
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345575
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345576
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345577
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345578
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345579
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345580
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345581"}
 
payload = 
 
header, payload and signature = {"protected": "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","payload": "","signature": "bOAKdUdADP-LOTqZPr99BZPLxLNjMhV6rEcOama0ea_-EYKXQthBAjvWDAlzVdBz4RYq-sqdydHfZBeR2oB_htikyxWKGk4hWl8LuQSO8o-XaMo88gbJLHInjREdxXGezShGa7Bn40efGEr3BMJDhivZfPm_3piHN2YBaoN2CWMFLXYYlh1DEG21ZbVIWteegIZEIRrPvcujUZ1hUOgiHuJZDllLzjGgg4QhPbjGr2jiLywtMrnnD2W5BmNATT55hwsg_p1M6z6Mm8tTUq-2867VCJAeom7BTA1qh5vzEEPa93MLQUQ4JnoPr27v2FIob_pZNOpI1ftY_MTG0v4IkW-IX5x7dC3bIzgPG5aulQSLKSvrzsXt91aXuapHzJmuCTq2TN3ypvl6cM6d6NBLtNBTxDjDw6wHVxYClscqDRbN5zUddQe10JQdPEyPKDWaKnvMkEye4ISSr6VzUR768BsXZlSBDlkUAUwwT-MH688N7-emVg8SkPIvM2hi2LWKpOT8Zf1zmOhp94g6bOSfrsYj2o_XhSkq8gTu3wJF3fNsxuYQ_pccVSxF1a1Sd0VAFMjuqud8a3I4uKMuU5vYSruOia67lAXxXaFighoXV4xyJAtNTlg7kKmDF0MWNNc7LiQaPyJk-muEZm5_hMO76fIy2Q0fTILsBn78kxHzDWc"}
getssl: ERROR curl "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345563
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345572
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345573
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345574
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345575
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345576
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345577
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345578
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345579
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345580
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/34345581" returned nothing
 
[…]

Not reproducible with LE API v1 (Staging)! And also not reproducible with fewer entries in $SANS, e.g. 10 hosts.

  • OS: Debian GNU/Linux 9.11 (stretch)
  • Bash Version GNU bash, Version 4.4.12(1)-release (x86_64-pc-linux-gnu)
  • Tested with branch/commit: master 4d69e2f (v2.16)
  • Full debug log: le-v2-debug.1579702329.log
  • ~/.getssl-v2-debug/getssl.cfg
CA="https://acme-staging-v02.api.letsencrypt.org"

ACCOUNT_EMAIL="le-v2-debug@fnx.li"
ACCOUNT_KEY="$HOME/.getssl-v2-debug/account.key"
ACCOUNT_KEY_LENGTH=4096
PRIVATE_KEY_ALG="rsa"

CHECK_REMOTE="false"

VALIDATE_VIA_DNS="true"
DNS_ADD_COMMAND="$HOME/inwx-api.bin --add"
DNS_DEL_COMMAND="$HOME/inwx-api.bin --del"
AUTH_DNS_SERVER="ns.domrobot.com"

DNS_EXTRA_WAIT=60
DNS_WAIT=10
  • ~/.getssl-v2-debug/le-v2-debug.fnx.li/getssl.cfg
SANS="san-01.le-v2-debug.fnx.li,san-02.le-v2-debug.fnx.li,san-03.le-v2-debug.fnx.li,san-04.le-v2-debug.fnx.li,san-05.le-v2-debug.fnx.li,san-06.le-v2-debug.fnx.li,san-07.le-v2-debug.fnx.li,san-08.le-v2-debug.fnx.li,san-09.le-v2-debug.fnx.li,san-10.le-v2-debug.fnx.li,san-11.le-v2-debug.fnx.li,san-12.le-v2-debug.fnx.li,san-13.le-v2-debug.fnx.li,san-14.le-v2-debug.fnx.li,san-15.le-v2-debug.fnx.li,san-16.le-v2-debug.fnx.li,san-17.le-v2-debug.fnx.li,san-18.le-v2-debug.fnx.li,san-19.le-v2-debug.fnx.li,san-20.le-v2-debug.fnx.li"

Any ideas what's going wrong here?
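
The debug log above shows a `url` value holding eleven newline-separated authorization URLs, which was then signed into the protected header and handed to curl. A guard like the following, an added example that is not part of the original post or of getssl, rejects such a value before anything is signed; the function names and the rule that every request URL sits under the configured CA base are assumptions.

```shell
#!/bin/sh
# Added example, not getssl code. Guard for a value that must hold exactly ONE
# ACME request URL before it goes into the JWS "url" field and on to curl.

# Constructed sample: three of the newline-joined URLs from the debug log.
CA_BASE="https://acme-staging-v02.api.letsencrypt.org"
SAMPLE_MULTI="$CA_BASE/acme/authz-v3/34345563
$CA_BASE/acme/authz-v3/34345572
$CA_BASE/acme/authz-v3/34345573"

# count_urls VALUE: print how many lines of VALUE start with https://
count_urls() {
  printf '%s\n' "$1" | grep -c '^https://' || true
}

# require_single_url VALUE CA_BASE (hypothetical helper)
# Returns 0 = one URL under CA_BASE; 1 = empty value;
# 2 = whitespace/control characters (several URLs or a stray newline);
# 3 = URL is not under CA_BASE (assumed policy, see lead-in).
require_single_url() {
  rsu_value=$1
  rsu_ca=${2%/}
  if [ -z "$rsu_value" ]; then
    echo "url check: empty value" >&2
    return 1
  fi
  # Stripping whitespace/control characters must leave the value unchanged.
  rsu_clean=$(printf '%s' "$rsu_value" | tr -d '[:space:][:cntrl:]')
  if [ "$rsu_clean" != "$rsu_value" ]; then
    echo "url check: expected 1 URL, found $(count_urls "$rsu_value")" >&2
    return 2
  fi
  case $rsu_value in
    "$rsu_ca"/?*) return 0 ;;
  esac
  echo "url check: not under $rsu_ca: $rsu_value" >&2
  return 3
}

# Demo: the multi-URL value is rejected before anything is signed or sent.
require_single_url "$SAMPLE_MULTI" "$CA_BASE" || echo "refusing to sign (rc=$?)"
```

Failing at this point turns a silent "returned nothing" from curl into an error that names the malformed value.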

@timkimber
Member

Hi,
This appears to be the same problem as #475, I've made the fix suggested in that issue in the branch fix-more-than-10-domains - if you can test this and verify it works for you I'll include it in the next release.
Thanks
Tim

@killerbees19
Contributor Author

Woohoo! 😍

25ab411 fixed it. Thank you very much, @timkimber & @almanleon. Sorry that I've opened another issue for this bug, I've not seen the other one…

Now I'm ready to proceed with APIv2 migration.
