CA processing really slow?

solkmaaker · December 17, 2022, 6:33pm

Is it just me, or is issuing certificates really slow for two (or so) days now?

I'm using acme.sh
What i get is:
Sat Dec 17 18:09:00 UTC 2022] Processing, The CA is processing your order, please just wait. (29/30)
[Sat Dec 17 18:09:14 UTC 2022] mydomain.com:Timeout
[Sat Dec 17 18:09:14 UTC 2022] Please add '--debug' or '--log' to check more details.
[Sat Dec 17 18:09:14 UTC 2022] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

And, after some time, i see in server logs:
Dec 17 18:12:00 servername servername nginx: mydomain.com 91.199.212.132 - - [17/Dec/2022:18:12:00 +0000] -/- "GET /.well-known/acme-challenge/el_XqNFTv-YTtJamOlox2oR4io9BnFKB9SPO3G4xoNo HTTP/1.1" 404 118 "-" "acme.zerossl.com/v2/DV90"

Notice that 2 min and 46 sec time difference.
By that time acme.sh have exited and deleted everything it created in acme-challenge folder.

Osiris · December 17, 2022, 6:38pm

You should probably ask the CA you're trying to get the certificates from, which is not Let's Encrypt from the looks of your log file.

solkmaaker · December 17, 2022, 6:44pm

My bad! DUH!

Thank you for pointing that out.

rg305 · December 17, 2022, 6:46pm

OR
Switch to a better/faster CA.
LOL

Osiris · December 17, 2022, 6:47pm

Such as Let's Encrypt

@solkmaaker You can read more about acme.sh's change of CA from Let's Encrypt to ZeroSSL and how to change it back at Change default CA to ZeroSSL · acmesh-official/acme.sh Wiki · GitHub

solkmaaker · December 17, 2022, 6:53pm

Switched to LE.
Cert was issued without any problems.

Thanks again!

rg305 · December 17, 2022, 6:58pm

Unfortunately, we can't mark two posts as solutions to your problem.
But you actually did get two [for the price of one - which is FREE] !!!

Osiris · December 17, 2022, 7:09pm

Well, switching CAs to LE was actually a single fix for all problems!

rg305 · December 17, 2022, 7:13pm

The better of the two but the topic was about CA slowness which was "solved" by pointing them to the actual slow CA [good solution].

Going above and beyond to also provide them with an even better solution - is yet another solution.
So, I count them as two.

Although, yes, the second solution does kill two birds with one stone.

webprofusion · December 18, 2022, 2:48am

As an aside, I can confirm that ZeroSSL has been very slow for at least the past month and regularly does not complete orders (or even domain validation) in a reasonable time. I think they've just reached the limit their service can currently handle.

Osiris · December 18, 2022, 9:06am

Might have something to do with having no rate limits?

eva2000 · December 18, 2022, 1:55pm

Wonder if that is due to ZeroSSL not having a rate limiting policy for issuance like @Osiris

hmmm https://status.zerossl.com/

system · January 17, 2023, 1:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.