auto-ssl / lua-resty-auto-ssl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
MIT License

ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 60) #265

Closed acoyfellow closed 3 years ago

acoyfellow commented 3 years ago

Hello, I've been running lua-resty-auto-ssl for almost 4 years in production. Recently I'm seeing this error, with some domains:

[lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=cd182b420c12cc01668940db6c172d054a5dc5e8d9f67a8469e3b1eb03e332346 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain **(domain)**.online --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
 err: ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 60)
, context: ssl_certificate_by_lua*, client: 10.132.98.000, server: 0.0.0.0:443
2021/10/05 14:48:24 [error] 34#34: *106409 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 10.132.98.000, server: 0.0.0.0:443
2021/10/05 14:48:24 [error] 34#34: *106409 [lua] ssl_certificate.lua:291: auto-ssl: could not get certificate for **(domain)**.online - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 10.132.98.000, server: 0.0.0.0:443

I can't quite track the cause yet. The DNS settings for each appear to be working, but I'm unable to replicate it with my own domains.

Edit: and just for posterity, when I curl https://acme-v02.api.letsencrypt.org/directory:

{
  "F1glgtklx38": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}

I'm seeing this across multiple domains and 4 different servers in production.

acoyfellow commented 3 years ago

I was using an old Docker image - openresty/openresty:latest-xenial. Switching to openresty/openresty:bionic, I'm able to work through this.
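
Added example (not part of the thread and not lua-resty-auto-ssl code): curl exit code 60 means the server certificate could not be verified against the local CA bundle, which points at the host or image rather than at any one domain's DNS. The script below pairs each failed dehydrated run in an error log with the curl exit code on the following `err:` line and classifies it; the function names and the sample log are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added triage example: pair each failed dehydrated run in an nginx error log
# with the curl exit code reported on the "err:" line that follows it.

# Constructed sample log (example.com names are placeholders).
sample_log() {
cat <<'EOF'
2021/10/05 14:48:24 [error] 34#34: *1 [lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SERVER_PORT=8999 dehydrated --cron --domain a.example.com --challenge http-01 status: 256 out: # INFO: Using main config file
 err: ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 60)
2021/10/05 14:48:25 [error] 34#34: *2 [lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SERVER_PORT=8999 dehydrated --cron --domain b.example.com --challenge http-01 status: 256 out: # INFO: Using main config file
 err: ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 60)
2021/10/05 14:48:26 [error] 34#34: *3 [lua] lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SERVER_PORT=8999 dehydrated --cron --domain c.example.com --challenge http-01 status: 256 out: # INFO: Using main config file
 err: ERROR: Problem connecting to server (get for https://acme-v02.api.letsencrypt.org/directory; curl returned with 6)
EOF
}

# Print "domain<TAB>curl exit code<TAB>class" for every failure read on stdin.
classify_failures() {
  awk '
    /dehydrated failed:/ {               # command line: remember its --domain
      domain = "?"
      for (i = 1; i < NF; i++) if ($i == "--domain") domain = $(i + 1)
    }
    match($0, /curl returned with [0-9]+/) {
      code = substr($0, RSTART + 19, RLENGTH - 19) + 0
      if (code == 60 || code == 77)      kind = "trust"    # CA bundle / verification
      else if (code == 6)                kind = "dns"      # could not resolve host
      else if (code == 7 || code == 28)  kind = "network"  # connect failed / timeout
      else if (code == 35)               kind = "tls"      # handshake error
      else                               kind = "other"
      print domain "\t" code "\t" kind
    }'
}

# Exit 0 only when there is at least one failure and all of them are trust
# failures, i.e. the fix belongs on the host (CA bundle, TLS library, image).
all_trust_failures() {
  classify_failures | awk -F'\t' '$3 != "trust" { bad = 1 } END { exit (bad || NR == 0) }'
}

sample_log | classify_failures
```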