From: Kimberly <kim...@gm...> - 2017-05-19 20:14:43
Let's Encrypt certificates are not updating on my server. I am unsure how to manually update them since they are on a Virtualmin setup.

On 5/19/2017 2:22 PM, John Hinton wrote:
> I'm suddenly getting a lot of failures on cert updates today. Maybe I
> created a lot of new ones 2 months ago which might be why 'today'.
> Anyway, I can't seem to get any of these to update. It's on 2 different
> systems, one CentOS 6 and CentOS 7. Here is the error I'm getting:
>
> Parsing account key...
> Parsing CSR...
> Registering account...
> Traceback (most recent call last):
>   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in <module>
>     main(sys.argv[1:])
>   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
>     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
>   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 99, in get_crt
>     "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
>   File "/usr/libexec/webmin/webmin/acme_tiny.py", line 56, in _send_signed_request
>     protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
>   File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
>     return opener.open(url, data, timeout)
>   File "/usr/lib64/python2.7/urllib2.py", line 437, in open
>     response = meth(req, response)
>   File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
>     'http', request, response, code, msg, hdrs)
>   File "/usr/lib64/python2.7/urllib2.py", line 475, in error
>     return self._call_chain(*args)
>   File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
>     result = func(*args)
>   File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
>     raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
> urllib2.HTTPError: HTTP Error 504: Gateway Time-out
>
> As the domain owners have no idea what these failure messages mean nor
> what to do about them, I have just finished going through all of the SSL
> virtservers on all of our systems and set the administrator address to
> myself. Otherwise, folks were getting 1 failure email every 5 minutes
> which... well, I'll leave that for you to translate. :)
>
> I have a few requests:
>
> 1. I would love it if a different notification address could be used, so
> that other features for the domain owner could still be used, such as
> resending the sign up email to them instead of me.
>
> 2. Perhaps set the cert request time down to every 15 minutes? I've had
> one situation where Let's Encrypt started failing due to too many
> failed attempts.
>
> (and here my thought process was interrupted by a phone call from a
> domain owner that started getting, in her words, spammed by something and
> was scared of a serious problem)
>
> 3. If possible, it would be nice to have error info that was a bit more
> human readable. This one isn't a biggy, but I'm not sure what the above
> really means... what gateway timed out? My system? Their system? Or
> maybe due to some other problem?
>
> But hey, in spite of this, I'm very happy that this ability exists! It
> has made the process painless, until it doesn't work for some reason.
>
> Best,
> John Hinton