Comments (3)
👍 for the issue
Recently, I got the following HTTP error from the server; my certificates expired without any notice.
```
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/etc/letsencrypt/acme-tiny/acme_tiny.py", line 164, in get_crt
    certificate_pem, _, _ = _do_request(order['certificate'], err_msg="Certificate download failed")
  File "/etc/letsencrypt/acme-tiny/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Certificate download failed:
Url: https://acme-v02.api.letsencrypt.org/acme/cert/xxx
Data: None
Response Code: 502
Response: {'type': 'urn:acme:error:serverInternal', 'detail': 'The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.'}
```
from acme-tiny.
I think I'd rather network interruptions raise a hard fail instead of blindly retrying multiple times, since significant retries can lead to banning/rate-limiting on networks that watch for spammy behavior.
As I was writing in the initial comment, the problem gets worse the more domains you have in a request - you typically can get 3-4 domains verified after a few tries, but if you have more, the chance of having all verified successfully drops with each domain you add.
If I have 5 domains and no retry capability in the script, I need to run verification against all of them until all succeed. Assuming I need 20 tries to finish that (which in my experience is on the lower end when hitting this issue), and on average it drops out at the 3rd domain, I end up with 60+ verification requests.
Now if the script has retry support it'll just retry for the failing domain, which - outside of very rare circumstances - will usually go through within 2-3 tries. So we have 60+ calls vs. fewer than 10 calls - having retry support in the script would significantly reduce the chance of getting banned or rate limited, and is far simpler than having to script the same logic in a wrapper around the script. Also, if you're hitting this problem with more than about 5 domains, retry inside of the script is the only way to get a request through.
from acme-tiny.
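The trade-off debated in this thread, as an added example that is not acme-tiny's code or any participant's: a bounded per-request retry that backs off on transient 5xx responses such as the 502 `serverInternal` above and fails hard on everything else, including 429 rate limiting. The names `request_with_retry`, `make_flaky_fetch` and the `fetch(url) -> (body, code, headers)` shape are assumptions for illustration, and the CA responses are constructed.

```python
import time

TRANSIENT = {500, 502, 503, 504}  # server-side failures worth a bounded retry

def request_with_retry(fetch, url, max_tries=3, base_delay=2.0,
                       max_delay=60.0, sleep=time.sleep):
    """Call fetch(url) -> (body, code, headers); retry only transient 5xx.

    Any other failure (4xx, including 429) raises at once, so the client
    never keeps hitting a server that is deliberately refusing it.
    Returns (body, number_of_tries_used).
    """
    for attempt in range(1, max_tries + 1):
        body, code, headers = fetch(url)
        if code in (200, 201, 204):
            return body, attempt
        if code not in TRANSIENT or attempt == max_tries:
            raise ValueError("{0} failed after {1} tries: {2} {3}".format(
                url, attempt, code, body))
        # Honor Retry-After (seconds form) if sent, else exponential backoff.
        retry_after = headers.get("Retry-After", "")
        delay = (float(retry_after) if retry_after.isdigit()
                 else base_delay * 2 ** (attempt - 1))
        sleep(min(delay, max_delay))

def make_flaky_fetch(script):
    """Constructed stand-in for the CA: returns the scripted codes in order."""
    calls, codes = [], iter(script)
    def fetch(url):
        calls.append(url)
        code = next(codes)
        body = "pem" if code == 200 else {"type": "urn:acme:error:serverInternal"}
        return body, code, {}
    return fetch, calls

def demo():
    """Two 502s then success: one request retried, not the whole order."""
    delays = []
    fetch, calls = make_flaky_fetch([502, 502, 200])
    body, tries = request_with_retry(
        fetch, "https://ca.example/acme/cert/placeholder", sleep=delays.append)
    return body, tries, len(calls), delays

if __name__ == "__main__":
    print(demo())
```

The retry budget is per request, so a run over several domains repeats only the call that failed, and the cap keeps the total number of requests bounded.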