[webmin-l] Let's Encrypt Issue
John Hinton
2017-05-19 18:22:01 UTC
I'm suddenly getting a lot of failures on cert updates today. Maybe I
created a lot of new ones 2 months ago which might be why 'today'.
Anyway, I can't seem to get any of these to update. It's on 2 different
systems, one CentOS 6 and CentOS 7. Here is the error I'm getting:

Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 99, in get_crt
    "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 56, in _send_signed_request
    protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 475, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 504: Gateway Time-out

As the domain owners have no idea what these failure messages mean nor
what to do about them, I have just finished going through all of the SSL
virtservers on all of our systems and set the administrator address to
myself. Otherwise, folks were getting 1 failure email every 5 minutes
which... well, I'll leave that for you to translate. :)

I have a few requests:

1. I would love it if a different notification address could be used, so
that other features for the domain owner could still be used, such as
resending the sign up email to them instead of me.

2. Perhaps set the cert request time down to every 15 minutes? I've had
one situation where Let's Encrypt started failing due to too many
failed attempts.

(and here my thought process was interrupted by a phone call from a
domain owner that started getting, in her words, spammed by something and
was scared of a serious problem)

3. If possible, it would be nice to have error info that was a bit more
human readable. This one isn't a biggy, but I'm not sure what the above
really means... what gateway timed out? My system? Their system? Or
maybe due to some other problem?

But hey, in spite of this, I'm very happy that this ability exists! It
has made the process painless, until it doesn't work for some reason.

Best,
John Hinton
Kimberly
2017-05-19 20:15:00 UTC
Let's Encrypt certificates are not updating on my server. I am unsure
how to manually update them since they are on a Virtualmin setup.
John Hinton
2017-05-20 12:58:21 UTC
Apparently this was a problem on the LetsEncrypt end as it started
working again. So, I guess the gateway failure was on them?

John
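
An added example, not part of the thread and not Webmin's or acme_tiny's own code: one way a renewal wrapper could turn the traceback above into a readable message, back off instead of retrying every 5 minutes, and mail the operator once per incident. The function names, the one-day ceiling and the notification threshold are assumptions.

```python
import re

# Shortened copy of the traceback quoted in the thread, used as sample input.
SAMPLE_STDERR = '''Registering account...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 56, in _send_signed_request
    protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
urllib2.HTTPError: HTTP Error 504: Gateway Time-out
'''

BASE_DELAY = 300        # the 5-minute retry interval mentioned in the thread
MAX_DELAY = 24 * 3600   # assumed ceiling: never wait more than a day


def classify(stderr_text):
    """Return (kind, message) for the output of a failed ACME client run."""
    m = re.search(r"HTTP Error (\d{3})", stderr_text)
    if m is None:
        return "local", "No HTTP response recorded; check DNS, routing and the local client."
    code = int(m.group(1))
    if code == 429:
        return "rate_limited", "The CA is rate limiting this account or host (HTTP 429)."
    if code >= 500:
        return "ca_transient", "The CA or a proxy in front of it returned HTTP %d; usually transient, retry later." % code
    return "request", "The CA rejected the request (HTTP %d); inspect account, CSR and challenge." % code


def retry_delay(kind, consecutive_failures):
    """Seconds to wait: exponential backoff, with a long pause once rate limited."""
    if kind == "rate_limited":
        return MAX_DELAY
    return min(BASE_DELAY * 2 ** max(consecutive_failures - 1, 0), MAX_DELAY)


def should_notify(kind, consecutive_failures):
    """Mail the operator once per incident instead of once per attempt."""
    if kind == "ca_transient":
        return consecutive_failures == 6   # assumed threshold: the outage persists
    return consecutive_failures == 1


if __name__ == "__main__":
    kind, message = classify(SAMPLE_STDERR)
    for n in range(1, 8):
        print(n, kind, retry_delay(kind, n), should_notify(kind, n), message)
```

With the sample input, the first six failures are spaced 5, 10, 20, 40, 80 and 160 minutes apart and produce a single notification, rather than one message every 5 minutes.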
