From: John H. <web...@ew...> - 2017-05-19 18:38:10
I'm suddenly getting a lot of failures on cert updates today. Maybe I created a lot of new ones 2 months ago, which might be why 'today'. Anyway, I can't seem to get any of these to update. It's on 2 different systems, one CentOS 6 and one CentOS 7. Here is the error I'm getting:

Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 99, in get_crt
    "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 56, in _send_signed_request
    protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 475, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 504: Gateway Time-out

As the domain owners have no idea what these failure messages mean, nor what to do about them, I have just finished going through all of the SSL virtservers on all of our systems and set the administrator address to myself. Otherwise, folks were getting 1 failure email every 5 minutes which... well, I'll leave that for you to translate. :)

I have a few requests:

1. I would love it if a different notification address could be used, so that other features for the domain owner could still be used, such as resending the sign-up email to them instead of me.

2. Perhaps set the cert request time down to every 15 minutes? I've had one situation where Let's Encrypt started failing due to too many failed attempts. (And here my thought process was interrupted by a phone call from a domain owner who started getting, in her words, spammed by something and was scared of a serious problem.)

3. If possible, it would be nice to have error info that was a bit more human readable. This one isn't a biggy, but I'm not sure what the above really means... what gateway timed out? My system? Their system? Or maybe due to some other problem?

But hey, in spite of this, I'm very happy that this ability exists! It has made the process painless, until it doesn't work for some reason.

Best,
John Hinton
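Added example, not part of John's post and not code from acme_tiny or Webmin: a Python 3 sketch of the two behaviours asked for above, namely backing off instead of re-requesting every few minutes after a 5xx from the CA (which is what trips Let's Encrypt's failed-attempt limits), and turning the bare `HTTPError` into a sentence that says which side timed out. The traceback shows the 504 coming back from `urlopen(CA + "/directory")`, so the status was produced by the CA or a proxy in front of it, not by the local server. The helper names (`explain_http_error`, `fetch_nonce`, `make_flaky_opener`), the CA URL `https://acme.example` and the fake response are constructed here so the block runs offline.

```python
import time
import urllib.error
import urllib.request

# Constructed stand-in for the real CA base URL (acme_tiny's CA argument).
CA_URL = "https://acme.example"

# Status codes that mean "the CA or a proxy in front of it could not answer";
# a 504 Gateway Time-out is the CA-side gateway giving up, not this server.
GATEWAY_ERRORS = (502, 503, 504)


def explain_http_error(err, ca_url):
    """Map an HTTPError from the CA to a message a domain owner can act on (hypothetical helper)."""
    code, reason = err.code, err.reason
    if code in GATEWAY_ERRORS:
        return (f"The certificate authority at {ca_url} answered HTTP {code} ({reason}). "
                "That gateway is on the CA side, not on this server; it will be retried "
                "with increasing delays instead of every few minutes.")
    if code == 429:
        return (f"The CA at {ca_url} is rate-limiting this account (HTTP 429); "
                "renewal attempts must pause before trying again.")
    if 400 <= code < 500:
        return (f"The CA at {ca_url} rejected the request (HTTP {code} {reason}); "
                "check the account key, CSR and domain names.")
    return f"Unexpected HTTP {code} {reason} from {ca_url}."


def fetch_nonce(ca_url, opener=urllib.request.urlopen, attempts=4,
                base_delay=1.0, sleep=time.sleep):
    """Fetch a Replay-Nonce from <CA>/directory, backing off exponentially on gateway errors.

    Returns (nonce, attempts_used). Raises RuntimeError carrying the
    human-readable explanation when the CA keeps failing or rejects the request.
    `opener` and `sleep` are injectable so the logic can run without a network.
    """
    last_err = None
    for attempt in range(attempts):
        try:
            resp = opener(ca_url + "/directory")
            nonce = resp.headers["Replay-Nonce"]
            if not nonce:
                raise RuntimeError("CA directory response carried no Replay-Nonce header")
            return nonce, attempt + 1
        except urllib.error.HTTPError as err:
            last_err = err
            if err.code not in GATEWAY_ERRORS:
                # Client-side problems (4xx) will not fix themselves: stop immediately.
                raise RuntimeError(explain_http_error(err, ca_url)) from err
            # 1s, 2s, 4s, ... rather than hammering the CA and burning rate limit.
            sleep(base_delay * (2 ** attempt))
    raise RuntimeError(explain_http_error(last_err, ca_url)
                       + f" Gave up after {attempts} attempts.")


class _FakeResponse:
    """Constructed response object exposing only the header acme_tiny reads."""

    def __init__(self, nonce):
        self.headers = {"Replay-Nonce": nonce}


def make_flaky_opener(failures, nonce="constructed-nonce-123", code=504):
    """Constructed opener: raises HTTP `code` for the first `failures` calls, then succeeds."""
    calls = {"n": 0}

    def opener(url):
        calls["n"] += 1
        if calls["n"] <= failures:
            raise urllib.error.HTTPError(url, code, "Gateway Time-out", None, None)
        return _FakeResponse(nonce)

    return opener


def demo():
    """Run the retry path against the constructed opener; returns (nonce, attempts, delays)."""
    delays = []
    nonce, used = fetch_nonce(CA_URL, opener=make_flaky_opener(2),
                              sleep=delays.append)
    return nonce, used, delays


if __name__ == "__main__":
    print(demo())
    try:
        fetch_nonce(CA_URL, opener=make_flaky_opener(10), sleep=lambda s: None)
    except RuntimeError as exc:
        print(exc)
```

The injected `opener` and `sleep` keep the example offline; in a real renewal script you would leave the defaults in place and log the `RuntimeError` text, which already says whether the CA side or the local configuration is at fault.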