  1. #1
    Let's Encrypt always needs second try

    Is anybody else experiencing this? Whenever I click "Generate all with Let's Encrypt" it generates an error on the first try, the gist of it being "Temporary failure in name resolution".
    Only on the second try the whole process goes through.

    Just want to confirm this is "normal" behaviour....

    Cheers, Michael

  2. #2
    Hi Michael

    I hope you're well

    I'll see if I can try this but I might think slow dns server perhaps

    As far as I know, but could be wrong, LE checks that the A record exists and is pointed at the server it is being created on

    Many thanks

    John

  3. #3
    Hi Michael

    I have just tried LE on a holding domain we have for client, and worked first time.

    We are on centos 6 with latest Iw 5.1.51

    Is it still the same for you today, as it could at a pinch be LE systems running slow or a high peak time

    Many thanks

    John

  4. #4
    Hi John,

    I am fine thanks. Looking forward to summer temperatures... And you are great, I hope?

    Slow DNS was exactly my thinking, but that would mean my own DNS are slow, right? Not sure why they would be though... If I test my own DNS servers, they answer quickly (around 120 ms)

    This happens all the time, since beginning of the year, when I started using Let's Encrypt. But I have so gotten used to clicking, waiting for the error message and then clicking again that I didn't think about it much anymore. But now I thought "take the time and get to the bottom of this"... ;-)

    Cheers,

    Michael

  6. #5
    Hi Michael

    Many thanks

    Your dns speeds look fine at 120ms, think you score A+ on a dns test at that

    I'll have to try in a centos 7, but will be later as I'm pretty tied up next few days, and I need to transfer a domain to the test server, as LE needs it on same server with correct dns

    I'll let you know how it goes but certainly if it fails first time, then works second time, there's a delay somewhere I think

    Many thanks

    John

  7. #6
    I was also thinking, maybe LE is running their own resolver and the first request is a miss, but when the second comes, the resolver has updated his records already...

    Not sure though. But I agree, it must be some timeout, most likely DNS related.

  9. #7
    Hi Michael
    Sorry, just tried LE on centos 7, and LE are having issues.
    If you read the community link for LE you may find it interesting but it is others' thoughts
    I will try over the weekend, and hopefully LE should have resolved their issues hopefully. It will also allow DNS to populate on the A record I changed for a domain I will test with.
    I hope that helps and have a lovely weekend
    Many thanks
    John
    Installing SSL Certificate failed!
    ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
    https://community.letsencrypt.org/t/...port-443/34341
    http://letsencrypt.status.io/

  10. #8
    Hi Michael

    I have just tried this on the test server, centos 7 and latest IW, all updated to yesterday and it worked lovely

    Do all your Iw servers on centos 7 do the same

    Is LE working now as it should - thinking of the issue from yesterday maybe your issue earlier

    Many thanks and have a lovely weekend

    John

  11. #9
    Hi John,

    it seems not to be related to Centos, I have 6.9 and 7.3 running and it happens on both. It also happens for newly added domains as well as for older ones. I just tried it on 4 different servers, and it happened only on one, but with a domain that already had an LE certificate, so it had worked in the past.
    I get this error (the same as always)

    Installing SSL Certificate failed!
    ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f033577e650>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',))
    Usually I simply have to click on "Generate all with Let's Encrypt" again, but this time I got a new error:

    Installing SSL Certificate failed!
    <p"
    Hmm...

  12. #10
    btw. your issue might have been related to an internal LE problem: https://www.heise.de/newsticker/meld...t-3719227.html (sorry found no English reference to it, it basically says that LE was down for a few hours on May 19th.)

  13. #11
    Hi Michael
    Many thanks, yes that was the issue on the 19 May.
    This is a new issue though, as I have tried on live servers and it fails as you post.
    Looking at it below stands out, so I am thinking a change has been made by LE, most likely due to OSCP, as my extract lower down shows my test domain used, is not authorised.
    I will open a support ticket and show this thread, so they can have a look and you have credit. It is new though, as my tests on Saturday showed no issue, and there has been no updates of Centos or IW (see pic)
    Many thanks
    John

    2017-05-22 11:13:33.46702 [lxeduu-bdk7-5rbw-CLI] [INFO] : script end : controller.php
    2017-05-22 11:13:33.46650 [lxeduu-bdk7-5rbw-CLI] [ERR] : Unknown ini access [cluster][node_id] : controller.php
    2017-05-22 11:13:33.44834 [lxeduu-bdk7-h6my-PHP] [WARN] : contain(s) the right IP address. : controller.php
    2017-05-22 11:13:33.44827 [lxeduu-bdk7-h6my-PHP] [WARN] : entered correctly and the DNS A record(s) for that domain : controller.php
    2017-05-22 11:13:33.44821 [lxeduu-bdk7-h6my-PHP] [WARN] : To fix these errors, please make sure that your domain name was : controller.php
    2017-05-22 11:13:33.44815 [lxeduu-bdk7-h6my-PHP] [WARN] : : controller.php
    2017-05-22 11:13:33.44809 [lxeduu-bdk7-h6my-PHP] [WARN] : <p" : controller.php
    2017-05-22 11:13:33.44803 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44797 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44791 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44785 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44779 [lxeduu-bdk7-h6my-PHP] [WARN] : "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44773 [lxeduu-bdk7-h6my-PHP] [WARN] : http://www.mytestdomain.url/.well-kn...OHk4-HePFPOdMk: : controller.php
    2017-05-22 11:13:33.44767 [lxeduu-bdk7-h6my-PHP] [WARN] : Detail: Invalid response from : controller.php
    2017-05-22 11:13:33.44761 [lxeduu-bdk7-h6my-PHP] [WARN] : Type: unauthorized : controller.php
    2017-05-22 11:13:33.44755 [lxeduu-bdk7-h6my-PHP] [WARN] : Domain: www.mytestdomain.url : controller.php
    2017-05-22 11:13:33.44749 [lxeduu-bdk7-h6my-PHP] [WARN] : : controller.php
    2017-05-22 11:13:33.44743 [lxeduu-bdk7-h6my-PHP] [WARN] : <p" : controller.php
    2017-05-22 11:13:33.44737 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44730 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44723 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44717 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44711 [lxeduu-bdk7-h6my-PHP] [WARN] : "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44705 [lxeduu-bdk7-h6my-PHP] [WARN] : http://mytestdomain.url/.well-known/...3l0_-CWRKIIpOc: : controller.php
    2017-05-22 11:13:33.44699 [lxeduu-bdk7-h6my-PHP] [WARN] : Detail: Invalid response from : controller.php
    2017-05-22 11:13:33.44693 [lxeduu-bdk7-h6my-PHP] [WARN] : Type: unauthorized : controller.php
    2017-05-22 11:13:33.44687 [lxeduu-bdk7-h6my-PHP] [WARN] : Domain: mytestdomain.url : controller.php
    2017-05-22 11:13:33.44681 [lxeduu-bdk7-h6my-PHP] [WARN] : : controller.php
    2017-05-22 11:13:33.44675 [lxeduu-bdk7-h6my-PHP] [WARN] : - The following errors were reported by the server: : controller.php
    2017-05-22 11:13:33.44669 [lxeduu-bdk7-h6my-PHP] [WARN] : IMPORTANT NOTES: : controller.php
    2017-05-22 11:13:33.44663 [lxeduu-bdk7-h6my-PHP] [WARN] : <p" : controller.php
    2017-05-22 11:13:33.44657 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44651 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44645 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44639 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44632 [lxeduu-bdk7-h6my-PHP] [WARN] : <p", www.mytestdomain.url (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mytestdomain.url/.well-kn...OHk4-HePFPOdMk: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44625 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44619 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44613 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44607 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44601 [lxeduu-bdk7-h6my-PHP] [WARN] : Failed authorization procedure. mytestdomain.url (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mytestdomain.url/.well-known/...3l0_-CWRKIIpOc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44595 [lxeduu-bdk7-h6my-PHP] [WARN] : <p" : controller.php
    2017-05-22 11:13:33.44589 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44583 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44577 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44571 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44564 [lxeduu-bdk7-h6my-PHP] [WARN] : <p", www.mytestdomain.url (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mytestdomain.url/.well-kn...OHk4-HePFPOdMk: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44557 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44551 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44545 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44539 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
    2017-05-22 11:13:33.44532 [lxeduu-bdk7-h6my-PHP] [WARN] : FailedChallenges: Failed authorization procedure. mytestdomain.url (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mytestdomain.url/.well-known/...3l0_-CWRKIIpOc: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> : controller.php
    2017-05-22 11:13:33.44525 [lxeduu-bdk7-h6my-PHP] [WARN] : raise errors.FailedChallenges(all_failed_achalls) : controller.php
    2017-05-22 11:13:33.44519 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges : controller.php
    2017-05-22 11:13:33.44513 [lxeduu-bdk7-h6my-PHP] [WARN] : self._poll_challenges(chall_update, best_effort) : controller.php
    2017-05-22 11:13:33.44506 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond : controller.php
    2017-05-22 11:13:33.44500 [lxeduu-bdk7-h6my-PHP] [WARN] : self._respond(resp, best_effort) : controller.php
    2017-05-22 11:13:33.44494 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations : controller.php
    2017-05-22 11:13:33.44488 [lxeduu-bdk7-h6my-PHP] [WARN] : self.config.allow_subset_of_names) : controller.php
    2017-05-22 11:13:33.44482 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate : controller.php
    2017-05-22 11:13:33.44476 [lxeduu-bdk7-h6my-PHP] [WARN] : certr, chain, key, _ = self.obtain_certificate(domains) : controller.php
    2017-05-22 11:13:33.44470 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate : controller.php
    2017-05-22 11:13:33.44464 [lxeduu-bdk7-h6my-PHP] [WARN] : lineage = le_client.obtain_and_enroll_certificate(domains, certname) : controller.php
    2017-05-22 11:13:33.44458 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert : controller.php
    2017-05-22 11:13:33.44452 [lxeduu-bdk7-h6my-PHP] [WARN] : lineage = _get_and_save_cert(le_client, config, domains, certname, lineage) : controller.php
    2017-05-22 11:13:33.44446 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 682, in certonly : controller.php
    2017-05-22 11:13:33.44440 [lxeduu-bdk7-h6my-PHP] [WARN] : return config.func(config, plugins) : controller.php
    2017-05-22 11:13:33.44434 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 742, in main : controller.php
    2017-05-22 11:13:33.44427 [lxeduu-bdk7-h6my-PHP] [WARN] : sys.exit(main()) : controller.php
    2017-05-22 11:13:33.44421 [lxeduu-bdk7-h6my-PHP] [WARN] : File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module> : controller.php
    2017-05-22 11:13:33.44415 [lxeduu-bdk7-h6my-PHP] [WARN] : Traceback (most recent call last): : controller.php
    2017-05-22 11:13:33.44409 [lxeduu-bdk7-h6my-PHP] [WARN] : Exiting abnormally: : controller.php
    2017-05-22 11:13:33.44402 [lxeduu-bdk7-h6my-PHP] [WARN] : All challenges cleaned up, removing /home/mytestdo/mytestdomain.url/html/.well-known/acme-challenge : controller.php
    2017-05-22 11:13:33.44396 [lxeduu-bdk7-h6my-PHP] [WARN] : Removing /home/mytestdo/mytestdomain.url/html/.well-known/acme-challenge/plRO4r6i4eel7FP_0hxq84Tu8jCmLOHk4-HePFPOdMk : controller.php
    2017-05-22 11:13:33.44390 [lxeduu-bdk7-h6my-PHP] [WARN] : Removing /home/mytestdo/mytestdomain.url/html/.well-known/acme-challenge/Z0p78kTJKwVAObpRp3CxwMLBUse9p3l0_-CWRKIIpOc : controller.php
    2017-05-22 11:13:33.44384 [lxeduu-bdk7-h6my-PHP] [WARN] : Cleaning up challenges : controller.php
    2017-05-22 11:13:33.44378 [lxeduu-bdk7-h6my-PHP] [WARN] : To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. : controller.php
    2017-05-22 11:13:33.44372 [lxeduu-bdk7-h6my-PHP] [WARN] : : controller.php
    2017-05-22 11:13:33.44366 [lxeduu-bdk7-h6my-PHP] [WARN] : <p" : controller.php
    2017-05-22 11:13:33.44360 [lxeduu-bdk7-h6my-PHP] [WARN] : <h1>Not Found</h1> : controller.php
    2017-05-22 11:13:33.44354 [lxeduu-bdk7-h6my-PHP] [WARN] : </head><body> : controller.php
    2017-05-22 11:13:33.44347 [lxeduu-bdk7-h6my-PHP] [WARN] : <title>404 Not Found</title> : controller.php
    2017-05-22 11:13:33.44341 [lxeduu-bdk7-h6my-PHP] [WARN] : <html><head> : controller.php
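
Added example (not part of any post, and not Let's Encrypt's or the panel's own code): a Python triage of the three error texts quoted in this thread, plus a parser for the panel log format above, which prints newest-first and so has to be re-sorted before certbot's `Domain:` / `Type:` report can be read. The cause labels, function names, session id `s-PHP` and domain `www.example.test` are assumptions made for the example.

```python
import re

# One panel log entry: "<date> <time> [<session>] [<LEVEL>] : <message> : controller.php"
ENTRY = re.compile(r"^(\S+ \S+) \[[^\]]+\] \[\w+\] :(.*): controller\.php$")

# Error text quoted in the thread -> where the fault lies (labels are assumptions).
CAUSES = [
    ("Temporary failure in name resolution",
     "local-resolver: this server could not resolve the ACME API host"),
    ("Read timed out",
     "acme-api: connected to the CA, but it did not answer in time"),
    ("urn:acme:error:unauthorized",
     "http-01: the CA fetched the challenge URL and got the wrong body"),
]

def triage(error_text):
    """Return the first matching cause label, or 'unknown'."""
    for needle, cause in CAUSES:
        if needle in error_text:
            return cause
    return "unknown"

def messages(log_text):
    """Parse panel log lines and return their messages oldest-first."""
    rows = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2).strip()))
    rows.sort(key=lambda r: r[0])  # fixed-width timestamps sort as text
    return [msg for _, msg in rows]

def failed_challenges(msgs):
    """Collect certbot's 'Domain:' / 'Type:' pairs and note a 404 body."""
    out, cur = [], None
    for msg in msgs:
        if msg.startswith("Domain: "):
            cur = {"domain": msg[8:], "type": None, "got_404": False}
            out.append(cur)
        elif cur and msg.startswith("Type: "):
            cur["type"] = msg[6:].strip()
        elif cur and "404 Not Found" in msg:
            cur["got_404"] = True
    return out

# Constructed sample in the panel's newest-first order (hypothetical domain).
SAMPLE = """\
2017-05-22 11:13:33.44791 [s-PHP] [WARN] : <title>404 Not Found</title> : controller.php
2017-05-22 11:13:33.44767 [s-PHP] [WARN] : Detail: Invalid response from : controller.php
2017-05-22 11:13:33.44761 [s-PHP] [WARN] : Type: unauthorized : controller.php
2017-05-22 11:13:33.44755 [s-PHP] [WARN] : Domain: www.example.test : controller.php
2017-05-22 11:13:33.44749 [s-PHP] [WARN] : : controller.php
"""

if __name__ == "__main__":
    print(failed_challenges(messages(SAMPLE)))
    print(triage("[Errno -3] Temporary failure in name resolution"))
```

The `local-resolver` label reflects that `[Errno -3]` is raised while the server looks up `acme-v01.api.letsencrypt.org`, so the resolvers configured on the server itself are the first thing to check for that error.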
  15. #12
    Hi Michael

    I'll hang my head in shame sorry

    The domain I tested on Saturday by repointing to test server, which worked lovely Saturday and repointed back, was... a disabled domain on live server, which is why I forgot about it sorry

    It was IW-Jenna who looked into it and told me. Kudos to IW

    Is your domain same as mine, disabled in IW

    I hope that helps

    Many thanks

    John

  16. #13
    Hi John,
    hehe, these things happen, no worries...

    But nope, the domains are active and as written above I sometimes have the issue when adding a new domain, but also when I want to exchange the certificate (e.g. in order to add a subdomain) on a domain, that has been online for months or years. I cannot find any common denominator, only that it doesn't work on the first try quite often.

    The new issue of today, where I get this error
    Installing SSL Certificate failed!
    <p"
    seems to be unrelated and only happened on one server so far.

    I'm gonna restart the relevant server tonight and if the problem persists, I might need some help from IW.

  18. #14
    Hi Michael

    Ahh yes, haha but just seems to happen to me sorry

    I thought before replying I had better test, so enabled the domain and LE worked lovely, so disabled the account.

    IW-Jenna did ask if you were still having the issue, to open a support ticket so IW could have a look to see what's happening.

    I do believe it is connected with dns though, as your earlier post showed domain resolution failed but guess I need a holiday to recharge my aging batteries

    Many thanks

    John

  19. #15
    Hi Michael

    Just a thought, as I think it's vps Iw.

    On the Iw server you took the log extract on, i.e. Max retries exceeded. Is there more than 1 IP address it could use

    I'm thinking (seen it before), the original outgoing request maybe on 1 ip but subsequently change its outgoing ip to a different ip, there exceeding tries on new connection.

    It's just a thought

    Many thanks

    John
