search

coldfix / certbot-dns-netcup

netcup DNS Authenticator plugin for Certbot
Other
53 stars 6 forks source link

Timeout connecting API backend with timeout=30 #3

Closed sbiermann closed 5 years ago

sbiermann commented 5 years ago

Hi, i have a similar problem to #2. i have changed the timeout to 30 seconds but it doesn't work. The setup is using a docker container to run the certbot for a wildcard domain. Everytime i run it, it shows the following in the log

Unsafe permissions on credentials configuration file: /var/lib/letsencrypt/netcup_credentials.ini
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/error_handler.py", line 108, in _call_registered
    self.funcs[-1]()
  File "/opt/certbot/src/certbot/auth_handler.py", line 316, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/opt/certbot/src/certbot/plugins/dns_common.py", line 76, in cleanup
    self._cleanup(domain, validation_domain_name, validation)
  File "/usr/local/lib/python2.7/site-packages/certbot_dns_netcup/dns_netcup.py", line 54, in _cleanup
    with self._get_netcup_client() as api:
  File "/usr/local/lib/python2.7/site-packages/certbot_dns_netcup/dns_netcup.py", line 64, in _get_netcup_client
    credentials('api-password'),timeout=30)
  File "/usr/local/lib/python2.7/site-packages/nc_dnsapi/__init__.py", line 186, in __init__
    self.login()
  File "/usr/local/lib/python2.7/site-packages/nc_dnsapi/__init__.py", line 101, in login
    data = self.request("login", params={"apipassword": self.__api_password})
  File "/usr/local/lib/python2.7/site-packages/nc_dnsapi/__init__.py", line 80, in request
    timeout=self.__api_timeout
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 524, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 637, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 529, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='ccp.netcup.net', port=443): Read timed out. (read timeout=30)
An unexpected error occurred:
ReadTimeout: HTTPSConnectionPool(host='ccp.netcup.net', port=443): Read timed out. (read timeout=30)
Please see the logfiles in /var/log/letsencrypt for more details.

Kind regards Stefan

Chrzi commented 5 years ago

Had the same issue. Manually calling curl with the login action revealed the netcup DNS API can be painfully slow. It took 27secs for that request to complete...

I manually set the timeout to 60 and that worked for me. However this does not feel right and I opened a thread on the netcup forums regarding the long response time.

coldfix commented 5 years ago

Hey, thanks @Chrzi, please keep us up to date about their response.

I haven't encountered this issue so far, and I'm not sure what one could do about it besides from allowing the user to set a higher timeout. I will add a corresponding parameter to the config file later this week.

coldfix commented 5 years ago

FYI, I have upped the default timeout to 60 and released a new version with configurable timeout the config file:

certbot_dns_netcup:dns_netcup_timeout = 120
Chrzi commented 5 years ago

They did some internal optimizing and the response time is now <1s for simple actions like login or adding a RR.

(German) forum thread

coldfix commented 5 years ago

Great! Does this fix your problem @sbiermann?

sbiermann commented 5 years ago

Yes, it works now perfectly.