Getting a 503 while downloading certbot-auto


#1

Attempting to download https://dl.eff.org/certbot-auto currently returns the following error:

Error 503 certificate has expired
certificate has expired

Guru Mediation:
Details: cache-jfk8122-JFK 1534905303 3520469420

Varnish cache server

#2

Let’s ping a staff to help

@lestaff fastly report that dl.eff.org has error 503… Is there way to resolve it?

Thanks


#3

I don’t think that Let’s Encrypt/ISRG staff can fix it since it’s a different organization. Maybe @schoen or @bmw ?

This happened last year as well, Certbot isn’t dogfooding :confused: ?

Looks fixed now - fast as lightning :slight_smile: !


#4

I’ve pinged EFF’s operations team about this. It should be fixed soon.

In the meantime, you can use these URLs:

certbot-auto
certbot-auto PGP signature


#5

503 is back…

Error 503 certificate has expired

certificate has expired

Guru Mediation:

Details: cache-lcy19233-LCY 1534929907 2105284685


#6

any updates?
Is someone working on it?


#7

Anyone can help?I also got this problem!503 certificate has expired.


#8

@stevenm, @fane89, @keithp : I suspect this error is regional in nature and perhaps only a small number of Fastly’s edge servers are using an expired certificate. I’m not able to reproduce from my own network perspective. Could the folks still affected please visit http://www.fastly-debug.com/ and share the textblock results? I think this will be valuable debug information for @bmw to pass along to the EFF admins/Fastly support.

Edit: Whoops! I think I jumped to the wrong conclusion. This 503 is about the origin certificate expiring and doesn’t involve the certificate at the fastly edge at all. Time for more :coffee:


#9

| Debug

Please submit text block below with your ticket to Fastly

ewogICJnZW9pcCI6IHsKICAgICJjaSI6ICJwYXJpcyIsCiAgICAic3QiOiAiSURGIiwKICAgICJjdCI6ICJmcmFuY2UiLAogICAgImNvIjogIkVVIiwKICAgICJjX2FzbiI6ICIzMjE1IiwKICAgICJjX2Fzbl9uYW1lIjogIm9yYW5nZSBzLmEuIiwKICAgICJyX2lwIjogIjkwLjYzLjIzNC4xMjEiLAogICAgInJfYXNuIjogIjMyMTUiLAogICAgInJfYXNuX25hbWUiOiAib3JhbmdlIHMuYS4iLAogICAgInJfY2kiOiAicGFyaXMiLAogICAgInJfc3QiOiAiSURGIiwKICAgICJyX2N0IjogImZyYW5jZSIsCiAgICAicl9jbyI6ICJFVSIKICB9LAogICJwb3BMYXRlbmN5IjogewogICAgImxociI6IDExLAogICAgImxjeSI6IDE1LAogICAgImNkZyI6IDgsCiAgICAibWFkIjogMjEsCiAgICAiZnJhIjogMTYsCiAgICAiaGhuIjogMTgsCiAgICAiYW1zIjogMjQsCiAgICAiYm1hIjogMzgsCiAgICAiamZrIjogNzcsCiAgICAiaGtnIjogMjY5CiAgfSwKICAicG9wQXNzaWdubWVudHMiOiB7CiAgICAiYWMiOiAiY2RnIiwKICAgICJhcyI6ICJjZGciCiAgfSwKICAicmVxdWVzdCI6IHsKICAgICJyZXNvbHZlcl9pcCI6ICI5MC42My4yMzQuMTIxIiwKICAgICJyZXNvbHZlcl9hc19uYW1lIjogIkFTMzIxNSwgRlIiLAogICAgInJlc29sdmVyX2FzX251bWJlciI6ICIzMjE1IiwKICAgICJyZXNvbHZlcl9jb3VudHJ5X2NvZGUiOiAiRlIiLAogICAgImNsaWVudF9pcCI6ICI5MC42My4yMzQuMTIxIiwKICAgICJjbGllbnRfYXNfbmFtZSI6ICJBUzMyMTUsIEZSIiwKICAgICJjbGllbnRfYXNfbnVtYmVyIjogIjMyMTUiLAogICAgInRpbWUiOiAiMjAxOC0wOC0yMlQxNDoyNjo1MC4wMDBaIiwKICAgICJob3N0IjogInd3dy5mYXN0bHktZGVidWcuY29tIiwKICAgICJhY2NlcHQiOiAidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCIsCiAgICAidXNlcmFnZW50IjogIk1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzY4LjAuMzQ0MC4xMDYgU2FmYXJpLzUzNy4zNiIsCiAgICAiYWNjZXB0bGFuZ3VhZ2UiOiAiZW4tR0IsZW4tVVM7cT0wLjksZW47cT0wLjgiLAogICAgImFjY2VwdGVuY29kaW5nIjogImd6aXAiLAogICAgImZhc3RseXNlcnZlcmlwIjogIjE1MS4xMDEuMTIwLjY0IiwKICAgICJ4ZmYiOiAiIiwKICAgICJkYXRhY2VudGVyIjogIkNERyIsCiAgICAiYmFuZHdpZHRoX21icHMiOiAiMTE3LjY2IiwKICAgICJjd25kIjogOTcsCiAgICAibmV4dGhvcCI6ICIxNzIuMjIuMTQ2LjEiLAogICAgInJ0dCI6IDQuMDg0LAogICAgImRlbHRhX3JldHJhbnMiOiAwLAogICAgInRvdGFsX3JldHJhbnMiOiAwCiAgfQp9

Client IP Info
IP 90.63.234.121
AS Name AS3215, FR
AS Number 3215
City paris
Continent EU
Country france
State IDF
Resolver IP Info
IP 90.63.234.121
AS Name AS3215, FR
AS Number 3215
Country Code FR
Server Connection Info
IP 151.101.120.64
Datacenter CDG
BW to server 117.66mbps
Congestion Window 97
Next Hop 172.22.146.1
RTT 4.084ms
Delta Retransmits 0
Total Retransmits 0
POP Latency (ms)
LHR 11
LCY 15
CDG 8
MAD 21
FRA 16
HHN 18
AMS 24
BMA 38
JFK 77
HKG 269
Request Info
Time Wed Aug 22 2018 16:26:50 GMT+0200 (Central European Summer Time)
Host www.fastly-debug.com
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept-Language en-GB,en-US;q=0.9,en;q=0.8
Accept-Encoding gzip
X-Forwarded-For


#10

Thanks @tdelmas.

I updated my comment. I sent folks on a wild goose chase with the debug info. I’m able to reproduce this reliably when I do it correctly. It seems like the origin still has an expired certificate and it has nothing to do with network perspective or Fastly’s environment.

Sorry folks!


#11

The issue has been resolved. Sorry for the trouble!


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.