Error: serverInternal :: Error creating new authz

If you receive an error like this:

Error: serverInternal :: The server experienced an internal error :: Error creating new authz

Right now practically all of these are caused by a DNS lookup timeout while validating your domain. The operations team is looking into it, and landing some additional metrics to pin down where the slowness is.

This class of error -- Error creating new authz -- doesn't count against any of the rate limits, and it is safe to re-try. Chances are good that after a couple of retries your certificate will issue successfully.

We'll post back to this topic as we make progress nailing this down before General Availability. Thanks for your patience!

5 Likes
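
The retry advice in the post above, as an added example (not part of the original post and not code from the letsencrypt client): it pulls the problem document out of an `acme.client` debug line like the ones quoted in this thread and retries, with bounded exponential backoff, only when the error is exactly this one. The function names, the backoff values and the sample log line are assumptions constructed for illustration.

```python
import json
import re
import time

# Problem type and detail exactly as they appear in the logs in this thread.
RETRYABLE = ("urn:acme:error:serverInternal", "Error creating new authz")

# Matches the status code and trailing problem+json body of a debug line.
_BODY = re.compile(r"Received response <Response \[(\d{3})\]> .*'(\{.*\})'\s*$")

# Constructed sample, shortened from the log format posted in this thread.
SAMPLE_LINE = (
    "2015-11-05 13:23:12,548:DEBUG:acme.client:Received response "
    "<Response [500]> (headers: {'Content-Type': 'application/problem+json'}): "
    "'{\"type\":\"urn:acme:error:serverInternal\","
    "\"detail\":\"Error creating new authz\"}'"
)


def parse_problem(log_line):
    """Return (status, problem_dict) from a debug log line, or None."""
    m = _BODY.search(log_line)
    if not m:
        return None
    try:
        return int(m.group(1)), json.loads(m.group(2))
    except ValueError:  # body was not valid JSON
        return None


def is_retryable(status, problem):
    """True only for the transient authz-creation failure discussed here."""
    return status == 500 and (problem.get("type"), problem.get("detail")) == RETRYABLE


def request_with_retry(attempt, max_tries=5, base_delay=2.0, sleep=time.sleep):
    """Call attempt() -> (status, problem or None) until it succeeds.

    Returns (status, tries, delays). Any other problem type, or running out
    of tries, raises instead of retrying, so real failures are not masked.
    """
    delays = []
    for n in range(max_tries):
        status, problem = attempt()
        if problem is None:
            return status, n + 1, delays
        if not is_retryable(status, problem) or n == max_tries - 1:
            raise RuntimeError("giving up: %s" % problem.get("detail"))
        delays.append(base_delay * 2 ** n)  # 2s, 4s, 8s, ...
        sleep(delays[-1])
```
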

It would be nice if someone could go through and spend some time cleaning up the display of the various error messages.

2 Likes

Yes, I also receive this error and can’t generate my certificate. :confused:

Hello, I have the same error for my .eu domain. My .de works fine.

Tried a good few times with my whitelisted co.uk domains - keep getting the ‘Error: serverInternal :: The server experienced an internal error :: Error creating new authz’ error

I’m experiencing the same problem with my white-listed com domain. I suspect it’s because I have the authority DNS in China, but there should be a longer timeout than (what I counted) 3 seconds…

I’m not getting this error any longer and my certs generated! :smile:

So yea if you are getting this error try again…

I’m still getting this error. My authority DNS is in Iceland.

How about falling back to DNS over TCP in case of a timeout? Package could have been lost on the way because of UDP.

Mine is located in the USA (NameCheap) and I also get the error.
I guess we'll just have to wait a bit!

I am getting this error with my .space domain; my authority DNS is in China.

Thanks everyone for your patience on this. We’ve added more metrics and each failure is helpful in nailing down correlations.

Got the same error on my Ubuntu 14.04.3…

2015-11-05 13:23:12,548:DEBUG:acme.client:Received response <Response [500]> (headers: {'Content-Length': '76', 'Expires': 'Thu, 05 Nov 2015 13:21:52 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 05 Nov 2015 13:21:52 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'aH8FNbpfbgtXK0D2YN3RvSqgr1Jbf_Ud8Bp4blz_Vck'}): '{"type":"urn:acme:error:serverInternal","detail":"Error creating new authz"}'

My domain name is not added to the whitelist?
Or my IP is blacklisted?

2015-11-05 14:55:22,062:DEBUG:root:Received <Response [500]>. Headers: {'Content-Length': '76', 'Expires': 'Thu, 05 Nov 2015 14:55:21 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 05 Nov 2015 14:55:21 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'Zw52rnA3BBcdCVhmE0-nDZESnBp98wsGzyqG6ADUB0U'}. Content: '{"type":"urn:acme:error:serverInternal","detail":"Error creating new authz"}'
2015-11-05 14:55:22,063:DEBUG:acme.client:Storing nonce: 'g\x0ev\xaep7\x04\x17\x1d\tXf\x13O\xa7\r\x91\x12\x9c\x1a}\xf3\x0b\x06\xcf*\x86\xe8\x00\xd4\x07E'
2015-11-05 14:55:22,063:DEBUG:acme.client:Received response <Response [500]> (headers: {'Content-Length': '76', 'Expires': 'Thu, 05 Nov 2015 14:55:21 GMT', 'Server': 'nginx', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Thu, 05 Nov 2015 14:55:21 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'Zw52rnA3BBcdCVhmE0-nDZESnBp98wsGzyqG6ADUB0U'}): '{"type":"urn:acme:error:serverInternal","detail":"Error creating new authz"}'
2015-11-05 14:55:22,068:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):

Thank you

1 day, a dozen attempts and several variations later - still no variation in the error message “Error: serverInternal :: The server experienced an internal error :: Error creating new authz”.

Tested DNS lookup using several different servers and I get a quick response in every instance.

Tried mv /etc/letsencrypt/accounts{,.bak} and re-running ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
Also tried removing all letsencrypt and restarting the process.

./letsencrypt-auto certonly -t --agree-tos --email someone@somewhere.tld --domains www.somewhere.tld -d somewhere.tld which does work (but is the happy hacker CA cert).

Debian Jessie, python 2.7.9, all logs have been kept - what info (if any) should be blanked in them before posting?

My DNS servers are in the USA.

If there is something else I can try - or better, a means of determining whether the problem is at my end or not.

It is still the case.

(:frowning:

Update: After trying many DNS services, it seems that Amazon Route 53 is the best free way that would never cause this error… If you got this error, please try switching DNS to Route 53 and try again.
Update: Seems Linode and CloudFlare also work fine, but please remember, a name server change needs about 6 hours to take effect.

Switched to Amazon Route 53, and am still getting the error.

DNS change needs about 6 hours to take effect.

I know, I switched ~40 hours ago.