Challenge timeout

I’m using a custom client and I’ve gotten this error about timeouts a few times recently. Has anybody seen this error before? It looks like the message gets cut off by the logging service so I was hoping that somebody has the whole message starting from Timeout, instance:.

Sep 21 11:11:37 service: unexpected error generating cert for [example.com], got failed challenge for host "example.com" with error LE returned an invalid response for the challenge, problem: type: urn:acme:error:connection, title: , status: 400, detail: Fetching http://example.com/.well-known/acme-challenge/XXXXXXXX: Timeout, instance:  

never mind the error isn’t cut off there’s just no instance field

Does anybody know what the timeout is set to?

Here’s a new log line with quotes:

Sep 21 16:08:08 unexpected error generating cert for [002067.example.com], got failed challenge for host "002067.example.com" with error LE returned an invalid response for the challenge, problem: type: "urn:acme:error:connection", title: "", status: 400, detail: "Fetching http://002067.example.com/.well-known/acme-challenge/XXXXXXXX: Timeout", instance: "" 

I believe the timeout is 5s - https://github.com/letsencrypt/boulder/blob/568407e5b8ab08b6d8cf0281f8a44c3f55dbfb95/va/va.go#L49

Hi @voutasaurus,

Can you provide me with more information I can use to identify some of the failing requests?

Your ACME account ID and some of the domain(s) that you experience this timeout validating would be great. An email or a DM would be fine if you don’t want to share the details in the forum.

Thanks!

I found a lock that serialized our responses to challenges. Under load this blocked some of our responses for more than the five second timeout.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.