
Comments (9)

andrsharov commented on June 18, 2024

After some tryouts, the error from ACME usually changed,
from HTTP 400 to HTTP 429.

Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011server mode
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011maintenance#011started background certificate maintenance#011{"cache": "0xc00010d030"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011acquiring lock#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011lock acquired#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011obtain#011obtaining certificate#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011waiting on internal rate limiter#011{"identifiers": ["quic.mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
Feb 11 11:34:13 quic hysteria[748]: 2024-02-11T11:34:13Z#011#033[34mINFO#033[0m#011done waiting on internal rate limiter#011{"identifiers": ["quic.mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "[email protected]"}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[34mINFO#033[0m#011acme_client#011trying to solve challenge#011{"identifier": "quic.mydomain.com", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[31mERROR#033[0m#011acme_client#011challenge failed#011{"identifier": "quic.mydomain.com", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/VvbqZDSEz37c36tcAk7i_GWLPlrBlFZJyPpLTbPy3wY: Connection refused", "instance": "", "subproblems": []}}
Feb 11 11:34:15 quic hysteria[748]: 2024-02-11T11:34:15Z#011#033[31mERROR#033[0m#011acme_client#011validating authorization#011{"identifier": "quic.mydomain.com", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/VvbqZDSEz37c36tcAk7i_GWLPlrBlFZJyPpLTbPy3wY: Connection refused", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1541273266/243611846587", "attempt": 1, "max_attempts": 3}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[31mERROR#033[0m#011obtain#011could not get certificate from issuer#011{"identifier": "quic.mydomain.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/"}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[34mINFO#033[0m#011obtain#011releasing lock#011{"identifier": "quic.mydomain.com"}
Feb 11 11:34:16 quic hysteria[748]: 2024-02-11T11:34:16Z#011#033[31mFATAL#033[0m#011failed to load server config#011{"error": "invalid config: acme.domains: quic.mydomain.com: obtaining certificate: [quic.mydomain.com] Obtain: [quic.mydomain.com] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/ (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Feb 11 11:34:16 quic systemd[1]: hysteria-server.service: Main process exited, code=exited, status=1/FAILURE
Feb 11 11:34:16 quic systemd[1]: hysteria-server.service: Failed with result 'exit-code'.

from hysteria.

haruue commented on June 18, 2024

> 1.2.3.4: Fetching http://quic.mydomain.com/.well-known/acme-challenge/...: Connection refused

This line in the log tells it all.

Please note that some VPSs have firewall configuration in the client panel, which won't show up in the iptables on the server. Please make sure TCP ports 80/443 are open for the ACME challenge; you can test the accessibility with the nc command.

# on your server
nc -l -p 80

# on your pc
nc quic.mydomain.com 80
# input anything and hit enter, then check if it appears on the server side
# or just simply open http://quic.mydomain.com in the browser

And your subdomain has hit the Let's Encrypt rate limit, so you got the 429 error. Please switch to another subdomain before trying again.


andrsharov commented on June 18, 2024

@haruue, thanks for the quick reply.

I know how to check an open port.

But I should check this within a limited amount of time, no more than 2-3 seconds, straight after running the command systemctl start hysteria-server.service, because there is no other application that listens on ports 80 and 443 on this server, only Hysteria.

root@quic:~# ss -tupnl
Netid                    State                     Recv-Q                    Send-Q                                       Local Address:Port                                        Peer Address:Port                    Process                                               
udp                      UNCONN                    0                         0                                                  0.0.0.0:68                                               0.0.0.0:*                        users:(("dhclient",pid=329,fd=9))                    
tcp                      LISTEN                    0                         128                                                0.0.0.0:22                                            0.0.0.0:*                        users:(("sshd",pid=434,fd=3))                        
tcp                      LISTEN                    0                         128                                                   [::]:22                                                [::]:*                        users:(("sshd",pid=434,fd=4))     

Checking open ports without running and listening to the application makes no sense.


andrsharov commented on June 18, 2024

My hosting is https://hostvds.com/
And I have already made a request to support.


haruue commented on June 18, 2024

> But I should check this within a limited amount of time, no more than 2-3 seconds, straight after running the command systemctl start hysteria-server.service, because there is no other application that listens on ports 80 and 443 on this server, only Hysteria.
>
> Checking open ports without running and listening to the application makes no sense.

Instead of hysteria, you can use nc -l -p 80 on your server to listen on TCP 80.

Run apt install netcat-openbsd (not netcat-traditional) if you don't have nc installed.


andrsharov commented on June 18, 2024

@haruue, sorry, I didn't read your advice carefully.

Looks like port 80 is open.

And I also checked the firewall in the panel: looks like all ports are open.

P.S.: Continuing the conversation with VPS support.


andrsharov commented on June 18, 2024

I also checked all the other ports on this server: 80, 443, 8080, 4443 - all ports are open.


haruue commented on June 18, 2024

Sorry, I did not check your config carefully.

Please delete these two lines.

  altHTTPPort: 8080
  altTLSALPNPort: 4443

And then please use another subdomain (e.g. quic1.mydomain.com), because your current domain is still rate-limited by letsencrypt.

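The fix above (dropping altHTTPPort and altTLSALPNPort) and the two ACME errors in the earlier log, as an added example that is not part of the original thread or Hysteria's own code: a config lint plus a log triage. The function names and the sample config and log lines are constructed for illustration; the check relies on ACME validation connecting to TCP 80 for HTTP-01 and TCP 443 for TLS-ALPN-01.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.
# ACME validation connects to TCP 80 (HTTP-01) and TCP 443 (TLS-ALPN-01).

# Report alt*Port keys under the top-level acme: block that move the
# challenge listener off the port the CA connects to.
check_acme_ports() {
  awk '
    /^[^ \t#]/ { in_acme = ($1 == "acme:"); next }  # new top-level key
    in_acme && $1 == "altHTTPPort:" && $2 != 80 {
      print "altHTTPPort=" $2 " expected=80" }
    in_acme && $1 == "altTLSALPNPort:" && $2 != 443 {
      print "altTLSALPNPort=" $2 " expected=443" }
  '
}

# Name the ACME problem types from the log in this thread found on stdin.
triage_acme_log() {
  awk '
    /urn:ietf:params:acme:error:connection/  { conn = 1 }
    /urn:ietf:params:acme:error:rateLimited/ { limited = 1 }
    END {
      if (conn)    print "connection: CA could not reach the challenge port"
      if (limited) print "rateLimited: too many failed validations for this name"
    }
  '
}

# Constructed sample config using the two keys named in the thread.
SAMPLE_CONFIG='listen: :443
acme:
  domains:
    - quic.mydomain.com
  email: admin@example.invalid
  altHTTPPort: 8080
  altTLSALPNPort: 4443
auth:
  type: password'

# Constructed, shortened log lines modelled on the errors quoted above.
SAMPLE_LOG='ERROR acme_client challenge failed {"challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "Connection refused"}}
ERROR obtain could not get certificate from issuer {"error": "HTTP 429 urn:ietf:params:acme:error:rateLimited"}'

printf '%s\n' "$SAMPLE_CONFIG" | check_acme_ports
printf '%s\n' "$SAMPLE_LOG" | triage_acme_log
```

A non-standard alt port is only a finding when nothing forwards 80/443 to it, so treat the lint output as a prompt to check the forwarding rather than as an error in itself.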

andrsharov commented on June 18, 2024

It works, Yoo hoo, 2 weeks, aaaaaa....

But I still don't understand why this happened, because the firewall was turned off during my first attempts, and the minimal config was copy-pasted from this section https://v2.hysteria.network/docs/getting-started/Server/

Only after some days did I decide to go deeper into the full config....

Resolved..

Big thanks to @haruue
