Since the upgrade of letsencrypt.sh from version 1.1.42 to 2.0.7, it is no longer possible to get a renewal or request a new wildcard certificate.
Code:
Found wildcard domain name and http challenge type, switching to dns-01 validation.
2020/08/02 01:14:22 [INFO] [***.nl, *.***.nl] acme: Obtaining SAN certificate
2020/08/02 01:14:25 [INFO] [*.***.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/************
2020/08/02 01:14:25 [INFO] [***.nl] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/************
2020/08/02 01:14:25 [INFO] [*.***.nl] acme: authorization already valid; skipping challenge
2020/08/02 01:14:25 [INFO] [***.nl] acme: Could not find solver for: tls-alpn-01
2020/08/02 01:14:25 [INFO] [***.nl] acme: Could not find solver for: http-01
2020/08/02 01:14:25 [INFO] [***.nl] acme: use dns-01 solver
2020/08/02 01:14:25 [INFO] [***.nl] acme: Preparing to solve DNS-01
2020/08/02 01:14:25 [INFO] [***.nl] acme: Trying to solve DNS-01
2020/08/02 01:14:25 [INFO] [***.nl] acme: Checking DNS record propagation using [8.8.8.8:53]
2020/08/02 01:14:27 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
The script gives about 24 lines with the following and then complains that the time limit was exceeded.
Code:
2020/08/02 01:14:35 [INFO] [***.nl] acme: Waiting for DNS record propagation.
2020/08/02 01:14:37 [INFO] [***.nl] acme: Waiting for DNS record propagation.
Code:
2020/08/02 01:15:27 [INFO] [***.nl] acme: Cleaning DNS-01 challenge
2020/08/02 01:15:28 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/************
2020/08/02 01:15:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/************
2020/08/02 01:15:28 Could not obtain certificates:
error: one or more domains had a problem:
[***.nl] time limit exceeded: last error: NS ns2.transip.eu. did not return the expected TXT record [fqdn: _acme-challenge.***.nl., value: ************]: 08ALHvWD7LJS************18CRedtX-V************
Certificate generation failed.
The v1.1.42 script has the possibility to use "DIG_SECONDS=120" (or another value) to have the script wait between dig lookups/tries to accommodate slow propagation.
See below for the output of that script.
Code:
Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/************...
Processing authorization for ***.nl...
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/************...
Processing authorization for ***.nl...
DNS challenge test fail for _acme-challenge.***.nl IN TXT "************", retrying...
Retry failed, trying again in 120s...
Retry failed, trying again in 120s...
Retry failed, trying again in 120s...
Retry failed, trying again in 120s...
Retry failed, trying again in 120s...
Retry failed, trying again in 120s...
Waiting for domain verification...
Challenge is valid.
Challenge is valid.
Generating 4096 bit RSA key for ***.nl...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/******/domains/***.nl.key.new"
Generating RSA private key, 4096 bit long modulus
...........................................................................++
.........................++
e is 65537 (0x10001)
Checking Certificate Private key match... Match!
Certificate for ***.nl has been created successfully!
Is it possible to introduce the same parameter in the new v2 script?
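The kind of configurable propagation wait the post asks for can be sketched as a check against each authoritative nameserver before the ACME client is started. This is an added example, not code from letsencrypt.sh or DirectAdmin; `WAIT_SECONDS`, `MAX_TRIES`, the function names and the nameserver arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: wait until every authoritative nameserver serves the expected
# _acme-challenge TXT value. WAIT_SECONDS and MAX_TRIES are hypothetical names,
# not options of letsencrypt.sh.
WAIT_SECONDS="${WAIT_SECONDS:-120}"   # pause between rounds of lookups
MAX_TRIES="${MAX_TRIES:-10}"          # give up after this many rounds

# Ask one nameserver directly, so resolver caches cannot hide a stale answer.
# Prints the TXT values one per line, with the surrounding quotes removed.
lookup_txt() {  # $1 = fqdn, $2 = nameserver
    dig +short +time=5 +tries=1 TXT "$1" "@$2" | tr -d '"'
}

# Succeeds only if the nameserver returns the expected value as a whole record.
# A base + wildcard order places two TXT values on the same name, so any
# matching line counts.
ns_has_value() {  # $1 = fqdn, $2 = expected value, $3 = nameserver
    lookup_txt "$1" "$3" | grep -Fxq -- "$2"
}

# Poll all nameservers; return 0 once all agree, 1 after MAX_TRIES rounds.
wait_for_txt() {  # $1 = fqdn, $2 = expected value, remaining = nameservers
    fqdn="$1"; expected="$2"; shift 2
    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        missing=""
        for ns in "$@"; do
            ns_has_value "$fqdn" "$expected" "$ns" || missing="$missing $ns"
        done
        if [ -z "$missing" ]; then
            echo "try $try: all nameservers return the expected TXT record"
            return 0
        fi
        echo "try $try: not yet on:$missing" >&2
        try=$((try + 1))
        if [ "$try" -le "$MAX_TRIES" ]; then
            sleep "$WAIT_SECONDS"
        fi
    done
    return 1
}

# Usage (placeholder names):
#   wait_for_txt _acme-challenge.example.nl "<token>" ns0.example.net ns1.example.net
```

Querying every authoritative server, rather than a single public resolver, matches the failure in the log above, where one nameserver had not yet returned the expected record.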