Adding random entries to the directory

ACME is designed to be extensible by adding new JSON fields, which should be ignored by clients that do not understand them. Unfortunately, some of the earliest ACME clients were intolerant of new fields, which has made it hard to introduce new fields to objects like the one returned from the /directory/ endpoint. Taking inspiration from a Chrome TLS feature, we have decided to add a key/keys to the directory with randomly generated names in order to dissuade client developers from writing clients in a way that prevents us from adding new keys in the future.

If you have been directed here because your client broke due to an unexpected key in the directory object with the URL of this thread as its value, then you should open an issue on the tracker for the client you use, directing the developers to this thread for more information.

13 Likes
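The difference between a client that breaks on the random entry and one that ignores it, as an added example (not code from Let's Encrypt or from any ACME client). The resource names are those of RFC 8555; the sample directory, its URLs, the random key name and the `REQUIRED` set are constructed for illustration.

```python
import json

# Resource names defined by RFC 8555; "meta" is an optional object.
KNOWN_RESOURCES = ("newNonce", "newAccount", "newOrder", "newAuthz",
                   "revokeCert", "keyChange")
# Assumption: the resources this example client cannot work without.
REQUIRED = ("newNonce", "newAccount", "newOrder")

# Constructed sample: a directory carrying one randomly named entry whose
# value is a placeholder standing in for the explanatory thread URL.
SAMPLE_DIRECTORY = json.dumps({
    "newNonce": "https://ca.example/acme/new-nonce",
    "newAccount": "https://ca.example/acme/new-acct",
    "newOrder": "https://ca.example/acme/new-order",
    "revokeCert": "https://ca.example/acme/revoke-cert",
    "keyChange": "https://ca.example/acme/key-change",
    "meta": {"termsOfService": "https://ca.example/terms", "futureField": True},
    "Xk3q9vBz2fA": "https://forum.example/t/PLACEHOLDER-THREAD",
})


def parse_directory_strict(body):
    """Brittle pattern: reject any key outside a fixed schema."""
    doc = json.loads(body)
    extra = set(doc) - (set(KNOWN_RESOURCES) | {"meta"})
    if extra:
        raise ValueError(f"unexpected directory keys: {sorted(extra)}")
    return doc


def parse_directory_tolerant(body):
    """Pick out the fields the client uses and ignore everything else."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("directory must be a JSON object")
    urls = {}
    for name in KNOWN_RESOURCES:
        value = doc.get(name)
        # Only accept string values that are HTTPS URLs.
        if isinstance(value, str) and value.startswith("https://"):
            urls[name] = value
    missing = [n for n in REQUIRED if n not in urls]
    if missing:
        raise ValueError(f"directory lacks required resources: {missing}")
    meta = doc.get("meta") if isinstance(doc.get("meta"), dict) else {}
    return {"urls": urls, "terms": meta.get("termsOfService")}
```

The tolerant parser still fails closed when a resource it needs is absent or is not an HTTPS URL, so ignoring unknown keys does not mean skipping validation of the known ones.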