I know it’s a free service. Thank you for confirming in different words that it’s not a reliable professional service.
Thank you for sharing your thoughts. The renew script is in the cronjob already. Instead of just sending email alerts that do nothing to tell me there’s an issue, so I leave it alone as the crontab is in place, perhaps the email can carry the error – and the documentation can be a bit more helpful in how to remove a domain, etc, as discussed above.
Anyway, we have now learned our lesson. This ‘free’ service is OK for toy sites or personal blogs. Not for anything beyond.
So now, you know that instead of complaining about a free service that you use in a professional environment you should buy a SSL certificate from an authority that match you needs ?
Moreover I also use Letsencrypt for a part of my enterprise services and I don’t have any problem since the certificates are always renewed on time, not the day before it expires. Right now I just cannot issue new ones. And these websites i’m speaking of are not ‘toys’ I can assure you
Or how to run away from responsability, when you do things last minute… SMH…
Is there any official statement when the api is reachable again…
if you run Apache with cPanel/WHM, you can do a temporary fix, yo can disabled OCSP Stapling within the Apache configuration and restarted Apache to apply the changes. With OCSP Stapling disabled, the browser now checks the revocation status, rather than the server itself. This reduces the burden from the server, and eliminates the possibility of this issue occuring again (unless OCSP Stapling is re-enabled and this happens again).
The directive is as follows: SSLUseStapling off
This directive cannot be controlled from WHM, it needs to be manually configured using an access method such as SSH or sFTP.
I hope this help.
Looks like, a notice there at http://letsencrypt.status.io/ of Service Disruption.
Getting same error while setting up Let’s Encrypt. Waiting for Green Signal.
The official recommendation is that you set your cron task to run every day checking expiration dates of your certificates, and request replacement for certificates that have ≤30 days of validity left (e.g. just running
certbot renew). With proper setup youʼd have a 30 days long buffer to try to request a fresh certificate and still have a valid one in place.
Status now shows operational. Usage suggests otherwise.
It’s now marked as “Operational” but I still have Gateway timeouts when trying to reach https://acme-v01.api.letsencrypt.org/
# wget -S https://acme-v01.api.letsencrypt.org/ -O - --2017-05-19 15:43:33-- https://acme-v01.api.letsencrypt.org/ Résolution de acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)… 126.96.36.199, 2a02:26f0:135:28a::3d5, 2a02:26f0:135:29d::3d5 Connexion à acme-v01.api.letsencrypt.org (acme-v01.api.letsencrypt.org)|188.8.131.52|:443… connecté. requête HTTP transmise, en attente de la réponse… HTTP/1.1 504 Gateway Time-out Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 176 Expires: Fri, 19 May 2017 13:44:33 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 19 May 2017 13:44:33 GMT Connection: keep-alive 2017-05-19 15:44:33 erreur 504 : Gateway Time-out.
What about you ?
It is set for every day. The notification do not send any potential error, that’s my point.
Same here. It’s down.
As was pointed out by several others over the course of this thread the error is a result of an ongoing service disruption. Please follow status.letsencrypt.org for more information. We should have all of the remaining issues resolved shortly.
In the meantime I’m going to lock this thread since there isn’t a need for further discussion on this particular error. Please open a new thread if you need to resume discussion.
Thanks for your patience, we apologize for the disruption and I expect more detailed root cause information will be shared in the near future.