Cannot get ssl certificate, timeout error

My domain is: www.jatus.top

I ran this command:acme.sh --log --issue --dns dns_namesilo --dnssleep 900 -d '*.jatus.top'

It produced this output:
[Mon Jul 26 11:52:34 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Mon Jul 26 11:52:34 CST 2021] Creating domain key
[Mon Jul 26 11:52:34 CST 2021] The domain key is here: /root/.acme.sh/.jatus.top/.jatus.top.key
[Mon Jul 26 11:52:34 CST 2021] Single domain='.jatus.top'
[Mon Jul 26 11:52:34 CST 2021] Getting domain auth token for each domain
[Mon Jul 26 11:52:38 CST 2021] Getting webroot for domain='
.jatus.top'
[Mon Jul 26 11:52:38 CST 2021] Adding txt value: CFliqGNKxk5OMCHlFPj7i51mb6KUzThbSj4SvcPzwQo for domain: _acme-challenge.jatus.top
[Mon Jul 26 11:52:42 CST 2021] Successfully added TXT record, ready for validation.
[Mon Jul 26 11:52:42 CST 2021] The txt record is added: Success.
[Mon Jul 26 11:52:42 CST 2021] Sleep 900 seconds for the txt records to take effect
[Mon Jul 26 12:07:45 CST 2021] Verifying: *.jatus.top
[Mon Jul 26 12:07:48 CST 2021] The replay Nonce is not valid, let's get a new one, Sleeping 1 seconds.
[Mon Jul 26 12:07:52 CST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Mon Jul 26 12:07:56 CST 2021] Processing, The CA is processing your order, please just wait. (2/30)
[Mon Jul 26 12:07:59 CST 2021] Processing, The CA is processing your order, please just wait. (3/30)
[Mon Jul 26 12:08:02 CST 2021] Processing, The CA is processing your order, please just wait. (4/30)
[Mon Jul 26 12:08:05 CST 2021] Processing, The CA is processing your order, please just wait. (5/30)
[Mon Jul 26 12:08:09 CST 2021] Processing, The CA is processing your order, please just wait. (6/30)
[Mon Jul 26 12:08:12 CST 2021] Processing, The CA is processing your order, please just wait. (7/30)
[Mon Jul 26 12:08:15 CST 2021] Processing, The CA is processing your order, please just wait. (8/30)
[Mon Jul 26 12:08:18 CST 2021] Processing, The CA is processing your order, please just wait. (9/30)
[Mon Jul 26 12:08:21 CST 2021] Processing, The CA is processing your order, please just wait. (10/30)
[Mon Jul 26 12:08:24 CST 2021] Processing, The CA is processing your order, please just wait. (11/30)
[Mon Jul 26 12:08:27 CST 2021] Processing, The CA is processing your order, please just wait. (12/30)
[Mon Jul 26 12:08:30 CST 2021] Processing, The CA is processing your order, please just wait. (13/30)
[Mon Jul 26 12:08:33 CST 2021] Processing, The CA is processing your order, please just wait. (14/30)
[Mon Jul 26 12:08:37 CST 2021] Processing, The CA is processing your order, please just wait. (15/30)
[Mon Jul 26 12:08:40 CST 2021] Processing, The CA is processing your order, please just wait. (16/30)
[Mon Jul 26 12:08:44 CST 2021] Processing, The CA is processing your order, please just wait. (17/30)
[Mon Jul 26 12:08:51 CST 2021] Processing, The CA is processing your order, please just wait. (18/30)
[Mon Jul 26 12:08:54 CST 2021] Processing, The CA is processing your order, please just wait. (19/30)
[Mon Jul 26 12:08:57 CST 2021] Processing, The CA is processing your order, please just wait. (20/30)
[Mon Jul 26 12:09:00 CST 2021] Processing, The CA is processing your order, please just wait. (21/30)
[Mon Jul 26 12:09:03 CST 2021] Processing, The CA is processing your order, please just wait. (22/30)
[Mon Jul 26 12:09:07 CST 2021] Processing, The CA is processing your order, please just wait. (23/30)
[Mon Jul 26 12:09:10 CST 2021] Processing, The CA is processing your order, please just wait. (24/30)
[Mon Jul 26 12:09:13 CST 2021] Processing, The CA is processing your order, please just wait. (25/30)
[Mon Jul 26 12:09:16 CST 2021] Processing, The CA is processing your order, please just wait. (26/30)
[Mon Jul 26 12:09:20 CST 2021] Processing, The CA is processing your order, please just wait. (27/30)
[Mon Jul 26 12:09:23 CST 2021] Processing, The CA is processing your order, please just wait. (28/30)
[Mon Jul 26 12:09:26 CST 2021] Processing, The CA is processing your order, please just wait. (29/30)
[Mon Jul 26 12:09:29 CST 2021] *.jatus.top:Timeout
[Mon Jul 26 12:09:29 CST 2021] Removing DNS records.
[Mon Jul 26 12:09:29 CST 2021] Removing txt: CFliqGNKxk5OMCHlFPj7i51mb6KUzThbSj4SvcPzwQo for domain: _acme-challenge.jatus.top
[Mon Jul 26 12:09:32 CST 2021] Successfully retrieved the record id for ACME challenge.
[Mon Jul 26 12:09:33 CST 2021] Successfully removed the TXT record.
[Mon Jul 26 12:09:33 CST 2021] Removed: Success

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Hi @yg110627, and welcome to the LE community forum :slight_smile:

Unfortunately, you are using an ACME client that isn't maintained by LE.
And that client now defaults to another CA (zerossl.com).
So there isn't much we can help you here with.
Other than to say that you should be able to use LE CA with acme.sh by using:
--set-default-ca --server letsencrypt

If you still have problems after doing that, please feel free to use this forum for help.

2 Likes

Thank you @rg305, I try to add "--set-default-ca --server letsencrypt" to my command, the output is following:
[Wed Jul 28 08:34:42 CST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Jul 28 08:34:42 CST 2021] Create account key ok.
[Wed Jul 28 08:34:42 CST 2021] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Jul 28 08:34:44 CST 2021] Registered
[Wed Jul 28 08:34:44 CST 2021] ACCOUNT_THUMBPRINT='Uejrb4HCovKPj0HzB0aytQF9eHzBOrs1RpoqSYf_SyU'
[Wed Jul 28 08:34:44 CST 2021] Single domain='.jatus.top'
[Wed Jul 28 08:34:44 CST 2021] Getting domain auth token for each domain
[Wed Jul 28 08:34:46 CST 2021] Getting webroot for domain='
.jatus.top'
[Wed Jul 28 08:34:47 CST 2021] Adding txt value: RGbuauJwXHe6qeq84i1iypSWcFPRrnt-eN19tT5lZr0 for domain: _acme-challenge.jatus.top
[Wed Jul 28 08:34:51 CST 2021] Successfully added TXT record, ready for validation.
[Wed Jul 28 08:34:51 CST 2021] The txt record is added: Success.
[Wed Jul 28 08:34:51 CST 2021] Sleep 900 seconds for the txt records to take effect
[Wed Jul 28 08:49:54 CST 2021] Verifying: *.jatus.top
[Wed Jul 28 08:49:55 CST 2021] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Wed Jul 28 08:50:00 CST 2021] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Jul 28 08:50:03 CST 2021] *.jatus.top:Verify error:Incorrect TXT record
[Wed Jul 28 08:50:03 CST 2021] Removing DNS records.
[Wed Jul 28 08:50:03 CST 2021] Removing txt: RGbuauJwXHe6qeq84i1iypSWcFPRrnt-eN19tT5lZr0 for domain: _acme-challenge.jatus.top
[Wed Jul 28 08:50:08 CST 2021] Successfully retrieved the record id for ACME challenge.
[Wed Jul 28 08:50:09 CST 2021] Successfully removed the TXT record.
[Wed Jul 28 08:50:09 CST 2021] Removed: Success
[Wed Jul 28 08:50:09 CST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log

still fail.

Try removing any unused TXT records that may remain from previous failed renewal attempts.
nslookup -q=soa _acme-challenge.jatus.top ns1.dnsowl.com
[still shows two TXT records]

2 Likes

On your next attempt, when you see this message:

Try checking the TXT records (with the command I gave above) to ensure the new records are being added and synchronized.

1 Like

Another good tool to check with:

https://toolbox.googleapps.com/apps/dig/#TXT/

1 Like

Thank you @rg305, finally it works. After removing TXT records and change timeout from 900 to 2000, cert is downloaded.
@griffin, nice tool, very helpful.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.