INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for events.shongololo.xyz
+ Found valid authorization for events.shongololo.xyz
+ 0 pending challenge(s)
+ Requesting certificate...
err: ERROR: Problem connecting to server (post for ; curl returned with 3)
, context: ssl_certificate_by_lua*, client: 188.8.131.52, server: 0.0.0.0:443
My web server is (include version): OpenResty 184.108.40.206-2~jammy1 with resty.auto-ssl
The operating system my web server runs on is (include version): Ubuntu 22.04 LTS
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A
Yeah, it looks to me like the client tried to unconditionally extract the Certificate URL from the Finalize response, and when it wasn't there, made a request for the empty-string url "" (which "resolved" to 0.0.0.0:443) which obviously didn't work.
Instead, it should poll (with exponential backoff!) the Order URL until the "certificate" field appears in it, or it transitions to state "invalid", and only attempt to download the certificate then.
It looks to me like dehydrated does the right thing for asynchronous finalization already:
This loop makes a finalize request, the polls the order object until it transitions into either state "valid" or state "invalid", and only attempts to extract the "certificate" url once it's in state "valid".