Comments (9)
After a few tries, the error from ACME usually changed from HTTP 400 to HTTP 429.
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011server mode
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011maintenance#011started background certificate maintenance#011{"cache": "0xc00010d030"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011acquiring lock#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011lock acquired#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011obtaining certificate#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011waiting on internal rate limiter#011{"identifiers": ["quic.mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011done waiting on internal rate limiter#011{"identifiers": ["quic.mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[34mINFO#033[0m#011acme_client#011trying to solve challenge#011{"identifier": "quic.mydomain.com", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[31mERROR#033[0m#011acme_client#011challenge failed#011{"identifier": "quic.mydomain.com", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/VvbqZDSEz37c36tcAk7i_GWLPlrBlFZJyPpLTbPy3wY: Connection refused", "instance": "", "subproblems": []}}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[31mERROR#033[0m#011acme_client#011validating authorization#011{"identifier": "quic.mydomain.com", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/VvbqZDSEz37c36tcAk7i_GWLPlrBlFZJyPpLTbPy3wY: Connection refused", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1541273266/243611846587", "attempt": 1, "max_attempts": 3}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[31mERROR#033[0m#011obtain#011could not get certificate from issuer#011{"identifier": "quic.mydomain.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[34mINFO#033[0m#011obtain#011releasing lock#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[31mFATAL#033[0m#011failed to load server config#011{"error": "invalid config: acme.domains: quic.mydomain.com: obtaining certificate: [quic.mydomain.com] Obtain: [quic.mydomain.com] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Feb 11 11:34:16 quic systemd[1]: hysteria-server.service: Main process exited, code=exited, status=1/FAILURE
Feb 11 11:34:16 quic systemd[1]: hysteria-server.service: Failed with result 'exit-code'.
from hysteria.
1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/...: Connection refused
This line in the log tells it all.
Please note that some VPSs have firewall configuration in the client panel, which won't show up in the iptables on the server. Please make sure TCP ports 80/443 are open for the ACME challenge; you can test the accessibility with the nc command.
# on your server
nc -l -p 80
# on your pc
nc quic.mydomain.com 80
# input anything and hit enter, check if it appears on the server side
# or just simply open http://quic.mydomain.com in the browser
And your subdomain has hit the rate limit of Let's Encrypt, so you got the 429 error. Please switch to another subdomain before trying again.
from hysteria.
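Added example, not part of the thread or the Hysteria project: a small triage script for syslog-escaped lines like the ones above, which pulls the ACME error type per identifier out of ERROR/FATAL entries so the first failure (`connection`) is not buried under the later `rateLimited`. The names `parse_line`, `triage` and `HINTS` are this example's own, and the sample lines are constructed with a placeholder domain and IP.

```python
import json
import re

ANSI = re.compile(r"#033\[[0-9;]*m")  # syslog-escaped ANSI colour codes
ACME_ERR = re.compile(r"urn:ietf:params:acme:error:(\w+)")
HINTS = {  # wording is this example's own, not Hysteria's
    "connection": "CA could not connect to the challenge port: check listener and provider firewall",
    "rateLimited": "CA is rate limiting: stop restarting the service until validation can succeed",
}
# Constructed sample lines in the same escaped format (#011 = tab); domain and IP are placeholders.
P = "Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011"
SAMPLE = [
    P + "#033[34mINFO#033[0m#011server mode",
    P + '#033[31mERROR#033[0m#011acme_client#011challenge failed#011{"identifier": "quic.example.test", "problem": {"type": '
        '"urn:ietf:params:acme:error:connection", "detail": "192.0.2.10: Fetching http://quic.example.test/...: Connection refused"}}',
    P + '#033[31mERROR#033[0m#011obtain#011could not get certificate from issuer#011{"identifier": "quic.example.test", '
        '"error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order"}',
    "Feb 11 11:34:16 quic systemd[1]: hysteria-server.service: Main process exited, code=exited, status=1/FAILURE",
]

def parse_line(line):
    """Return (level, message, fields) for one escaped log line, or None if it is not one."""
    _, sep, body = line.partition("]: ")
    parts = ANSI.sub("", body).split("#011") if sep else []
    if len(parts) < 3:
        return None
    fields = {}
    if parts[-1].startswith("{"):
        try:
            fields = json.loads(parts.pop())
        except json.JSONDecodeError:
            pass  # JSON truncated by the log pipeline: keep level and message only
    return parts[1], parts[-1], fields

def triage(lines):
    """Map each identifier to the ACME error types logged for it, in first-seen order."""
    found = {}
    for level, _, fields in filter(None, map(parse_line, lines)):
        if level not in ("ERROR", "FATAL"):
            continue
        problem = fields.get("problem") or {}
        text = f'{problem.get("type", "")} {fields.get("error", "")}'
        for kind in ACME_ERR.findall(text):
            kinds = found.setdefault(fields.get("identifier", "?"), [])
            if kind not in kinds:
                kinds.append(kind)
    return found

if __name__ == "__main__":
    print({i: [HINTS.get(k, k) for k in ks] for i, ks in triage(SAMPLE).items()})
```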
@haruue, thanks for the quick reply.
I know how to check for open ports.
But I would have to check this within a limited amount of time, no more than 2-3 seconds, straight after running the command systemctl start hysteria-server.service, because there is no other application listening on ports 80 and 443 on this server, only Hysteria.
root@quic:~# ss -tupnl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=329,fd=9))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=434,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=434,fd=4))
Checking open ports without running and listening to the application makes no sense.
from hysteria.
My hosting is https://hostvds.com/
And I have already made a request to support.
from hysteria.
But I would have to check this within a limited amount of time, no more than 2-3 seconds, straight after running the command systemctl start hysteria-server.service, because there is no other application listening on ports 80 and 443 on this server, only Hysteria.
Checking open ports without running and listening to the application makes no sense.
Instead of hysteria, you can use nc -l -p 80 on your server to listen on TCP 80.
Run apt install netcat-openbsd (not netcat-traditional) if you don't have nc installed.
from hysteria.
@haruue, sorry, I didn't read your advice carefully.
I also checked the firewall in the panel: it looks like all ports are open.
P.S.: I am continuing the conversation with VPS support.
from hysteria.
I also checked all the other ports on this server: 80, 443, 8080, 4443 - all ports are open.
from hysteria.
Sorry, I did not check your config carefully.
Please delete these two lines.
altHTTPPort: 8080
altTLSALPNPort: 4443
And then please use another subdomain (e.g. quic1.mydomain.com), because your current domain is still rate-limited by letsencrypt.
from hysteria.
It works, yoo hoo, 2 weeks, aaaaaa....
But I still do not understand why this happened, because the firewall was turned off during my first attempts, and the minimal config was copy-pasted from this section: https://v2.hysteria.network/docs/getting-started/Server/
Only after some days did I decide to go deeper into the full config....
Resolved..
Big thanks to @haruue
from hysteria.