Cerbot taking long time to install SSL for the domain in the server - Urgent

Cerbot taking long time to install SSL for the domain in the server.

Its taking 10 to 15mins to install SSL for the domain on the server.

Usually,deploying SSL wont take this much time,it will be done within 20sec but now its taking long time deploy(10-15min) on the server.

Please assists. Its highly urgent.

We are installing SSL for the domain through command line :

sudo ./certbot-auto -n --agree-tos --email $EMAIL --apache --apache-server-root /etc/apache2/conf --apache-challenge-location /etc/apache2 -d $DOMAIN

$EMAIL - Our Email id
$DOMAIN - Our domain name

Usually SSL installation took 20secs for us but from last 3days ,its take long time to install SSL for the domain.

Let us know the reason behind for this slowness. We are need to install SSL for many domains on the server.

We are unable to find root cause for long time deployment. In our other server,its working fine without time delay. Only we have issue with one of the server.

Please Help Us. Its highly urgent.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Can you post Certbot’s log file? It should be /var/log/letsencrypt/letsencrypt.log on most OSes.

2019-04-02 11:49:14,784:DEBUG:certbot.main:certbot version: 0.32.0
2019-04-02 11:49:14,785:DEBUG:certbot.main:Arguments: [’-n’, ‘–agree-tos’, ‘–email’, ‘prabhu@abacies.com’, ‘–apache’, ‘–apache-server-root’, ‘/etc/apache2/conf’, ‘–apache-challenge-location’, ‘/etc/apache2’, ‘-d’, ‘affiliatemarketingrocks.biz’]
2019-04-02 11:49:14,785:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-04-02 11:49:14,816:DEBUG:certbot.log:Root logging level set at 20
2019-04-02 11:49:14,817:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-04-02 11:49:14,818:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-04-02 11:49:15,507:DEBUG:certbot_apache.configurator:Apache version is 2.4.38
2019-04-02 11:55:03,705:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0>
Prep: True
2019-04-02 11:55:03,707:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0>
2019-04-02 11:55:03,707:INFO:certbot.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2019-04-02 11:55:03,712:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/54438028’, new_authzr_uri=None, terms_of_service=None), 772639d7ac079f388e71a72a8c7e0e73, Meta(creation_host=u’s198-12-149-37.secureserver.net’, creation_dt=datetime.datetime(2019, 4, 2, 8, 4, 21, tzinfo=)))>
2019-04-02 11:55:03,714:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-04-02 11:55:03,716:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2019-04-02 11:55:04,091:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-04-02 11:55:04,092:DEBUG:acme.client:Received response:

My logs too long. Unable to add here.

Hi @tessimply

what's that? ~~6 minutes between these two rows?

Looks that your configuration file is very long.

Hello,

I am unable paste log here. So i have shared screen-shot link. Please check and help with us. Highly urgent sir.

fc1686cba9.png1292×601 29.4 KB

1d07182757.png1279×608 22 KB

6c33b9453f.png1290×604 26.9 KB

210b0d264d.png1289×601 28.4 KB

548f080957.png1255×608 20.8 KB

86fb770993.png1293×606 32.7 KB

35d4c33e61.png1296×610 31.1 KB

f94de0d0e9.png1284×594 20.8 KB

5c060f621c.png1291×610 30.8 KB

1edc5170d3.png1290×611 52.2 KB

7b2a7f993f.png1290×604 28 KB

fd09ce692c.png1295×603 23.8 KB

16d62ca589.png1305×596 33.3 KB

59b2bf517f.png1271×608 40.6 KB

0a98b3920c.png1284×608 30.6 KB

Check the time between two steps and share only the rows with a difference greater 30 seconds / one minute.

Hello sir,

Let me share those rows,

2019-04-02 11:49:14,784:DEBUG:certbot.main:certbot version: 0.32.0
2019-04-02 11:49:14,785:DEBUG:certbot.main:Arguments: [’-n’, ‘–agree-tos’, ‘–email’, ‘prabhu@abacies.com’, ‘–apache’, ‘–apache-server-root’, ‘/etc/apache2/conf’, ‘–apache-challenge-location’, ‘/etc/apache2’, ‘-d’, ‘affiliatemarketingrocks.biz’]
2019-04-02 11:49:14,785:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-04-02 11:49:14,816:DEBUG:certbot.log:Root logging level set at 20
2019-04-02 11:49:14,817:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-04-02 11:49:14,818:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-04-02 11:49:15,507:DEBUG:certbot_apache.configurator:Apache version is 2.4.38
2019-04-02 11:55:03,705:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0>
Prep: True
2019-04-02 11:55:03,707:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0> and installer <certbot_apache.override_centos.CentOSConfigurator object at 0x7fe1ab0307d0>

2019-04-02 11:55:04,503:DEBUG:acme.client:Storing nonce: 1otUAccSugNHirvPisNKa2RjTVjc0VPwtOi9RlL5ms0
2019-04-02 11:55:04,504:INFO:certbot.auth_handler:Performing the following challenges:
2019-04-02 11:55:04,504:INFO:certbot.auth_handler:http-01 challenge for affiliatemarketingrocks.biz
2019-04-02 11:56:31,896:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: affiliatemarketingrocks.powerblogsystem.us in: /etc/apache2/conf/httpd.conf
2019-04-02 11:56:31,906:DEBUG:certbot_apache.http_01:Adding a temporary challenge validation Include for name: affiliatemarketingrocks.powerblogsystem.us in: /etc/apache2/conf/httpd.conf
2019-04-02 11:56:31,915:DEBUG:certbot_apache.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2019-04-02 11:56:31,915:DEBUG:certbot_apache.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted

<Location /.well-known/acme-challenge>
Require all granted

2019-04-02 11:56:46,360:DEBUG:certbot.reverter:Creating backup of /etc/apache2/conf/httpd.conf
2019-04-02 11:57:37,144:INFO:certbot.auth_handler:Waiting for verification…
2019-04-02 11:57:37,151:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2019-04-02 11:57:37,194:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/challenge/epkuAxzLS0Z6rQRMMXU9Q8I3KpvWi_Z_TGLf2Jz4-O0/14325457574:
{

2019-04-02 11:57:38,484:INFO:certbot.auth_handler:Cleaning up challenges

2019-04-02 11:59:12,107:DEBUG:certbot.client:CSR: CSR(file=’/etc/letsencrypt/csr/0007_csr-certbot.pem’, data=’-----BEGIN CERTIFICATE REQUEST-----\nMIICfjCCAWYCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP6\n/QCeWVfo8w/albbRTObMsKNrTAq6fMYE28UiA5IGigvDMVOhYnK876LfG6GfoslZ\nybQ7LS1oPieayG2yV+51YJtdQOZtCnRmfiGTvgOHUtC5Ds8E/Ps6/11qh9+8BdKN\nPb+bpEXVbMOQAr0Ngcv9rpl/BOLCIHgvYlLmMWgwVMPbFON8bwJk2plSFlgc1UD9\nmUHpGkoXpnoXucq5/q+SaT7o1+5gzAq7ukeuGDK5q+DL+GHZQdc+oadTOsOkIOpo\nzRg0kYs7R1AMO30fF9R7Mkd5mK4WwjgEbGTD8L9cM8ArUBlIcKqbryfRKDgDUS96\nAkMcKhMdOIY4OntZxCsCAwEAAaA5MDcGCSqGSIb3DQEJDjEqMCgwJgYDVR0RBB8w\nHYIbYWZmaWxpYXRlbWFya2V0aW5ncm9ja3MuYml6MA0GCSqGSIb3DQEBCwUAA4IB\nAQBHpRPonbUNvFyQ6UxmdiNJvD6RjLY+YKwujeXxPDiAvBJjqimLsBhcER6gMygY\niZtUbbqyfW1lAWweILlpcfArGkC+4AwdxYz+D4ltK89AETX+Iajh0EubXNyRNmwN\nNQMdFqjLv5S1HW/v6z82FSBq4GRfMHPGFsaALxXrf5VbbznKvxSw5nTbBpdy1Jxe\nwmpMi+zZP84eBpYT1H/58O2Qa1ZfwRW+A0m8O8pi7VjyAzyxJwGi95a7CFBKkCgq\n/RoD5dDfOzO079s5Z2Sv921JEetXPl07/Cqblb4nhWcaSsMOcZ80nYzBK+QFOyXE\nXk64FokU1t6DU0YTgO5Q1c0a\n-----END CERTIFICATE REQUEST-----\n’, form=‘pem’)
2019-04-02 11:59:12,109:DEBUG:acme.client:JWS payload:

2019-04-02 11:59:18,481:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/affiliatemarketingrocks.biz/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/affiliatemarketingrocks.biz/privkey.pem
Your cert will expire on 2019-07-01. To obtain a new or tweaked version of this certificate in the future, simply runcertbot-auto again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot-auto renew”
2019-04-02 12:01:15,680:DEBUG:certbot.reverter:Creating backup of /etc/apache2/conf/httpd.conf
2019-04-02 12:03:19,261:INFO:certbot_apache.configurator:Deploying Certificate to VirtualHost /etc/apache2/conf/httpd.conf
2019-04-02 12:04:21,837:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting ourwork by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Please help with us. It highly urgent. We need to install SSL for more domains on the server.

For installing one domain took 10min , normally it will take 20secs.

In other server,we have many domains and we are able to install quickly. Doesnt take long time. Please advise. Why its took long time for installing.

Our server is CentOS release 6.10 (Final) + cPanel server.

We are installing cerbot SSL for the domain through script on the server.

Is your harddisk buggy?

Certbot tries to change a config file -> wait, wait, wait.

This is our server iostat details

[root@s198-12-149-37 ~]# iostat
Linux 2.6.32-042stab120.16 (s198-12-149-37.secureserver.net) 04/02/2019 x86_64 (120 CPU)

avg-cpu: %user %nice %system %iowait %steal %idle
1.97 0.00 0.25 0.01 0.00 97.77

Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn

Please help with us on this issues

Is the Apache configuration extremely large?

Is Certbot managing hundreds or thousands of certificates?

Hello,

We do have more than 500+ domains on the server. We need to install SSL for all those domains. Same like we have 500+ domains on another server ,in that server its working fine which doesnt take long time. In this server,its take long time to install. Please help with us.

Is it possible that the configuration on the other server has the virtual hosts in individual files, whereas this server has the virtual hosts all combined into a single file?

@joohoi, what do you think the most important scaling factors for parsing large numbers of virtual hosts would be?

All virtual host combined into single httpd.conf file

Is that also true on the other server (the one that works better)?

yes its true, its work better. It doesnt take long time.