Slow to generate renewal certs

I wonder if anyone can help? We are using the latest version of certbot but times to generate renewal certs are very slow for us.

An example is below. Does anyone have any thoughts, help or comments? Really appreciate it.

Process was started at 09:10:52:

2024-05-15 09:10:52,550:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-05-15 09:10:52,730:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-05-15 09:10:52,731:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/dodo.co.uk/cert3.pem is signed by the certificate's issuer.
2024-05-15 09:10:52,731:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/dodo.co.uk/cert3.pem is: OCSPCertStatus.GOOD
2024-05-15 09:10:52,733:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2024-05-24 21:19:09 UTC.
2024-05-15 09:10:52,733:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2024-05-15 09:10:52,733:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-05-15 09:10:53,122:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41

And finished at 10:03:53:

2024-05-15 10:03:53,423:DEBUG:acme.client:Storing nonce: 6Jd4kJYi3Nm4T19PhMrvPYdVoTxlI83Pz8s8U-EbuZSFgXduBOc
2024-05-15 10:03:53,428:DEBUG:certbot._internal.storage:Writing new private key to /etc/letsencrypt/archive/dodo.co.uk/privkey4.pem.
2024-05-15 10:03:53,428:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/dodo.co.uk/cert4.pem.
2024-05-15 10:03:53,428:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/archive/dodo.co.uk/chain4.pem.
2024-05-15 10:03:53,429:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/archive/dodo.co.uk/fullchain4.pem.
2024-05-15 10:03:53,443:DEBUG:certbot.configuration:Var account=d3f396c0ec29d83c57f8baab02cad623 (set by user).
2024-05-15 10:03:53,443:DEBUG:certbot.configuration:Var key_type=rsa (set by user).
2024-05-15 10:03:53,444:DEBUG:certbot.configuration:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).

Do you see any particular step that takes long? Or is certbot just being lazy and taking long on each step?

4 Likes

Thanks, not sure as need to check with the developer. Can I ask how long a renewal should take? Does anyone know the average time? Appreciate the help.

1 Like

Is this when running interactively, or through a script/cron? I know that there's some logic to intentionally add a random delay when it thinks it's being run non-interactively, to help ensure load on the CA's servers is spread out. I don't think that it's at the point in the process where that log shows it, but just something to check on.

I wonder if it's taking a while to make the new key? If you run something like `openssl genrsa 2048` does it similarly take a long time?

Is this some sort of "burstable" VM that has limited CPU credits that might be used up?

4 Likes

Thanks, I will check with my developer.

Does this help at all? Thanks again.

2024-05-15 09:10:53,122:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41
2024-05-15 09:52:39,316:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f055f3b7400>
Prep: True
2024-05-15 09:52:39,317:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f055f3b7400>
Prep: True
2024-05-15 09:52:39,317:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f055f3b7400> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0x7f055f3b7400>
2024-05-15 09:52:39,317:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2024-05-15 09:52:39,370:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/130542299', new_authzr_uri=None, terms_of_service=None), d3f396c0ec29d83c57f8baab02cad623, Meta(creation_dt=datetime.datetime(2021, 7, 14, 11, 2, 34, tzinfo=), creation_host='parking.vs.mythic-beasts.com', register_to_eff=None))>
2024-05-15 09:52:39,371:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-05-15 09:52:39,372:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-05-15 09:52:39,726:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 747
2024-05-15 09:52:39,728:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:52:39 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"Vv7zmnPOm3A": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-05-15 09:52:39,732:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for dodo.co.uk and www.dodo.co.uk
2024-05-15 09:52:39,903:DEBUG:acme.client:Requesting fresh nonce
2024-05-15 09:52:39,903:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-05-15 09:52:40,028:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-05-15 09:52:40,030:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:52:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9tl4X0FTNRuIx7LAscGmBnjeXgP7p88HDKfZP3kcM4olsWLU6NQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-05-15 09:52:40,031:DEBUG:acme.client:Storing nonce: 9tl4X0FTNRuIx7LAscGmBnjeXgP7p88HDKfZP3kcM4olsWLU6NQ
2024-05-15 09:52:40,031:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "dodo.co.uk"\n },\n {\n "type": "dns",\n "value": "www.dodo.co.uk"\n }\n ]\n}'
2024-05-15 09:52:40,041:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOi...",
"signature": "cEfEu5rALLa...",
"payload": "ewogICJpZGV..."
}
2024-05-15 09:52:40,329:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 472
2024-05-15 09:52:40,330:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 15 May 2024 09:52:40 GMT
Content-Type: application/json
Content-Length: 472
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/130542299/269576081117
Replay-Nonce: 9tl4X0FT-1cusPkVZyr8lZJncnTBSFAX2nXZNvO1YovU1UelPhw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2024-05-22T09:52:40Z",
"identifiers": [
{
"type": "dns",
"value": "dodo.co.uk"
},
{
"type": "dns",
"value": "www.dodo.co.uk"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130542299/269576081117"
}
2024-05-15 09:52:40,331:DEBUG:acme.client:Storing nonce: 9tl4X0FT-1cusPkVZyr8lZJncnTBSFAX2nXZNvO1YovU1UelPhw
2024-05-15 09:52:40,331:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:52:40,336:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697:
{
"protected": "eyJhbGciO...",
"signature": "sdZ8vMFWcBs...",
"payload": ""
}
2024-05-15 09:52:40,476:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280697 HTTP/1.1" 200 794
2024-05-15 09:52:40,477:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:52:40 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: -fkSYaIhIp_EbFOAQ3ORCJ8Y_FpjmVvtz8ds9tDKP3kMCJd1DiQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "dodo.co.uk"
},
"status": "pending",
"expires": "2024-05-22T09:52:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/7m99ug",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/Zxmdhg",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
}
]
}
2024-05-15 09:52:40,477:DEBUG:acme.client:Storing nonce: -fkSYaIhIp_EbFOAQ3ORCJ8Y_FpjmVvtz8ds9tDKP3kMCJd1DiQ
2024-05-15 09:52:40,478:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:52:40,482:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707:
{
"protected": "eyJhbGciOiAiUlMyNTYiLC...",
"signature": "pCTROl4A_ZgkM8fc6kp4Cu...",
"payload": ""
}
2024-05-15 09:52:40,616:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280707 HTTP/1.1" 200 798
2024-05-15 09:52:40,617:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:52:40 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 9tl4X0FTZd9WnJLzJ6YDi1Yb-snJaRajSJNKH03kcbE5nhGlcfc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.dodo.co.uk"
},
"status": "pending",
"expires": "2024-05-22T09:52:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/T5DVrA",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/DaheHg",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
}
]
}
2024-05-15 09:52:40,617:DEBUG:acme.client:Storing nonce: 9tl4X0FTZd9WnJLzJ6YDi1Yb-snJaRajSJNKH03kcbE5nhGlcfc
2024-05-15 09:52:40,618:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-05-15 09:52:40,619:INFO:certbot._internal.auth_handler:http-01 challenge for dodo.co.uk
2024-05-15 09:52:40,619:INFO:certbot._internal.auth_handler:http-01 challenge for www.dodo.co.uk
2024-05-15 09:58:07,840:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: dodo.co.uk:443 in: /var/www/stenning.uk/bind_domains/virtual_hosts_individual/dodo.co.uk
2024-05-15 09:58:07,841:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: quickdns.co.uk in: /etc/apache2/sites-enabled/quickdns.co.uk.conf
2024-05-15 09:58:07,841:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: mail.quickdns.co.uk in: /etc/apache2/sites-available/mail.quickdns.co.uk.conf
2024-05-15 09:58:07,841:DEBUG:certbot_apache._internal.http_01:writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

2024-05-15 09:58:07,841:DEBUG:certbot_apache._internal.http_01:writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted

<Location /.well-known/acme-challenge>
Require all granted

2024-05-15 09:58:07,895:DEBUG:certbot.reverter:Creating backup of /var/www/stenning.uk/bind_domains/virtual_hosts_individual/dodo.co.uk
2024-05-15 09:58:07,895:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/quickdns.co.uk.conf
2024-05-15 09:58:07,895:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-available/mail.quickdns.co.uk.conf
2024-05-15 09:58:12,044:DEBUG:acme.client:JWS payload:
b'{}'
2024-05-15 09:58:12,047:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ:
{
"protected": "eyJhbGciOiA...",
"signature": "sM7Y8oofYJHX...",
"payload": "e30"
}
2024-05-15 09:58:12,049:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2024-05-15 09:58:12,511:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/351012280697/4ihPIQ HTTP/1.1" 200 187
2024-05-15 09:58:12,512:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:12 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ
Replay-Nonce: 7n34iCGfDfQo2rWfrUu5iDweFRCUoy38MQKvk-HNiM6skws3yj0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
}
2024-05-15 09:58:12,512:DEBUG:acme.client:Storing nonce: 7n34iCGfDfQo2rWfrUu5iDweFRCUoy38MQKvk-HNiM6skws3yj0
2024-05-15 09:58:12,513:DEBUG:acme.client:JWS payload:
b'{}'
2024-05-15 09:58:12,514:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA:
{
"protected": "eyJhbGciOi...",
"signature": "tnc4pnJFL...",
"payload": "e30"
}
2024-05-15 09:58:12,660:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/351012280707/0QOVuA HTTP/1.1" 200 187
2024-05-15 09:58:12,660:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:12 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA
Replay-Nonce: 7n34iCGf-kqVfcZ2Okdax3a2C29ErGKUFCuyD6tBhBwFgZq8JYU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA",
"token": "GDy73vuCDlrg_..."
}
2024-05-15 09:58:12,661:DEBUG:acme.client:Storing nonce: 7n34iCGf-kqVfcZ2Okdax3a2C29ErGKUFCuyD6tBhBwFgZq8JYU
2024-05-15 09:58:12,661:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-05-15 09:58:13,662:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:58:13,664:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697:
{
"protected": "eyJhbGciOiAiUl...",
"signature": "tfeoY5OJ...",
"payload": ""
}
2024-05-15 09:58:13,811:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280697 HTTP/1.1" 200 794
2024-05-15 09:58:13,811:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:13 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 7n34iCGfV7WxmQ2JgoZUfgyjrI9lQIXyvBy6crFKXzW7gv0AVKs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "dodo.co.uk"
},
"status": "pending",
"expires": "2024-05-22T09:52:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/7m99ug",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/Zxmdhg",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0"
}
]
}
2024-05-15 09:58:13,812:DEBUG:acme.client:Storing nonce: 7n34iCGfV7WxmQ2JgoZUfgyjrI9lQIXyvBy6crFKXzW7gv0AVKs
2024-05-15 09:58:13,813:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:58:13,817:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707:
{
"protected": "eyJhbGciOiAiUlMyN...",
"signature": "f9U3gArbS...",
"payload": ""
}
2024-05-15 09:58:13,972:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280707 HTTP/1.1" 200 798
2024-05-15 09:58:13,973:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:13 GMT
Content-Type: application/json
Content-Length: 798
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 7n34iCGfXsDKNnAuW6Xj0zYr1r9M43HcwCjGNz6JXb4jCxD7RHo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.dodo.co.uk"
},
"status": "pending",
"expires": "2024-05-22T09:52:40Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/T5DVrA",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/DaheHg",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI"
}
]
}
2024-05-15 09:58:13,973:DEBUG:acme.client:Storing nonce: 7n34iCGfXsDKNnAuW6Xj0zYr1r9M43HcwCjGNz6JXb4jCxD7RHo
2024-05-15 09:58:16,975:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:58:16,981:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697:
{
"protected": "eyJhbGciOiA...",
"signature": "RQ2nLWm1ZWd...",
"payload": ""
}
2024-05-15 09:58:17,134:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280697 HTTP/1.1" 200 747
2024-05-15 09:58:17,135:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:17 GMT
Content-Type: application/json
Content-Length: 747
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 7n34iCGfx1AEfqv8JOJaFjB13vRYv3Qjc4jMX8uk-uv1Qukl9vo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "dodo.co.uk"
},
"status": "valid",
"expires": "2024-06-14T09:58:14Z",
"challenges": [
{
"type": "http-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280697/4ihPIQ",
"token": "K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0",
"validationRecord": [
{
"url": "http://dodo.co.uk/.well-known/acme-challenge/K7P_jn9yPf32ylWQ2XQwgAPGpldzOA8UU1x66FraAZ0",
"hostname": "dodo.co.uk",
"port": "80",
"addressesResolved": [
"46.235.230.162"
],
"addressUsed": "46.235.230.162"
}
],
"validated": "2024-05-15T09:58:12Z"
}
]
}
2024-05-15 09:58:17,135:DEBUG:acme.client:Storing nonce: 7n34iCGfx1AEfqv8JOJaFjB13vRYv3Qjc4jMX8uk-uv1Qukl9vo
2024-05-15 09:58:17,136:DEBUG:acme.client:JWS payload:
b''
2024-05-15 09:58:17,140:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707:
{
"protected": "eyJhbGciOiA...",
"signature": "kELLT...",
"payload": ""
}
2024-05-15 09:58:17,285:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/351012280707 HTTP/1.1" 200 759
2024-05-15 09:58:17,286:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 09:58:17 GMT
Content-Type: application/json
Content-Length: 759
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 6Jd4kJYiai_Gjz6PXrS4AZB_-zftzLqAGCaHL5qmqJPG-hGGv8A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "www.dodo.co.uk"
},
"status": "valid",
"expires": "2024-06-14T09:58:16Z",
"challenges": [
{
"type": "http-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351012280707/0QOVuA",
"token": "GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI",
"validationRecord": [
{
"url": "http://www.dodo.co.uk/.well-known/acme-challenge/GDy73vuCDlrg_tyTf5pgT59le8sTh9GnJ9_BKG4ZNjI",
"hostname": "www.dodo.co.uk",
"port": "80",
"addressesResolved": [
"46.235.230.162"
],
"addressUsed": "46.235.230.162"
}
],
"validated": "2024-05-15T09:58:12Z"
}
]
}
2024-05-15 09:58:17,286:DEBUG:acme.client:Storing nonce: 6Jd4kJYiai_Gjz6PXrS4AZB_-zftzLqAGCaHL5qmqJPG-hGGv8A
2024-05-15 09:58:17,287:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-05-15 09:58:17,288:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-15 10:03:51,340:DEBUG:certbot._internal.client:CSR: CSR(file=None, data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICfT...y4Q76h0=\n-----END CERTIFICATE REQUEST-----\n', form='pem')
2024-05-15 10:03:51,341:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2024-05-15 10:05:21.341359
2024-05-15 10:03:51,342:DEBUG:acme.client:JWS payload:
b'{\n "csr": "MIICfT..."\n}'
2024-05-15 10:03:51,344:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/130542299/269576081117:
{
"protected": "eyJhbGciOiA...",
"signature": "lIHGW923...",
"payload": "ewogICJ..."
}
2024-05-15 10:03:51,346:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2024-05-15 10:03:52,089:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/130542299/269576081117 HTTP/1.1" 200 574
2024-05-15 10:03:52,090:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 10:03:52 GMT
Content-Type: application/json
Content-Length: 574
Connection: keep-alive
Boulder-Requester: 130542299
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/130542299/269576081117
Replay-Nonce: 6Jd4kJYiUYixwuCsGSQEzDMaVKnj13-_zfgjGO7obzBPrxMU_hc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "valid",
"expires": "2024-05-22T09:52:40Z",
"identifiers": [
{
"type": "dns",
"value": "dodo.co.uk"
},
{
"type": "dns",
"value": "www.dodo.co.uk"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130542299/269576081117",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/039fc9a35a9c77616b92098dd6bc7db6b0b2"
}
2024-05-15 10:03:52,091:DEBUG:acme.client:Storing nonce: 6Jd4kJYiUYixwuCsGSQEzDMaVKnj13-_zfgjGO7obzBPrxMU_hc
2024-05-15 10:03:53,093:DEBUG:acme.client:JWS payload:
b''
2024-05-15 10:03:53,097:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/130542299/269576081117:
{
"protected": "eyJhbGciOiA...",
"signature": "mPGL053Us2q...",
"payload": ""
}
2024-05-15 10:03:53,248:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/130542299/269576081117 HTTP/1.1" 200 574
2024-05-15 10:03:53,249:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 10:03:53 GMT
Content-Type: application/json
Content-Length: 574
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 7n34iCGf1pPQu5zdbYO7R554iPt-5OPM1ZOai1CzORPckHqkNrQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "valid",
"expires": "2024-05-22T09:52:40Z",
"identifiers": [
{
"type": "dns",
"value": "dodo.co.uk"
},
{
"type": "dns",
"value": "www.dodo.co.uk"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280697",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/351012280707"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130542299/269576081117",
"certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/039fc9a35a9c77616b92098dd6bc7db6b0b2"
}
2024-05-15 10:03:53,250:DEBUG:acme.client:Storing nonce: 7n34iCGf1pPQu5zdbYO7R554iPt-5OPM1ZOai1CzORPckHqkNrQ
2024-05-15 10:03:53,250:DEBUG:acme.client:JWS payload:
b''
2024-05-15 10:03:53,255:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/039fc9a35a9c77616b92098dd6bc7db6b0b2:
{
"protected": "eyJhbGciOiA...",
"signature": "Z0qOPEflkzY...",
"payload": ""
}
2024-05-15 10:03:53,421:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/039fc9a35a9c77616b92098dd6bc7db6b0b2 HTTP/1.1" 200 3604
2024-05-15 10:03:53,422:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 15 May 2024 10:03:53 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 3604
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index", https://acme-v02.api.letsencrypt.org/acme/cert/039fc9a35a9c77616b92098dd6bc7db6b0b2/1;rel="alternate"
Replay-Nonce: 6Jd4kJYi3Nm4T19PhMrvPYdVoTxlI83Pz8s8U-EbuZSFgXduBOc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----

Update:

We are running certbot using cron. If there is some random delay on the CA's servers then it doesn't depend on our server.
A command like "openssl genrsa 2048" executed fast (about 1s).

1 Like

I've not checked every line of logs, but how large is your Apache configuration? Small? Huge?

1 Like
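One way to answer the "which step takes long?" question from a certbot debug log is to measure the time between consecutive timestamped lines and list the largest gaps. The following is an added example, not part of the original thread or of certbot; the function names and the 30-second threshold are assumptions, and the sample is an excerpt of lines copied from the log posted above.

```python
import re
from datetime import datetime, timedelta

# certbot log lines look like: "YYYY-MM-DD HH:MM:SS,mmm:LEVEL:logger.name:message"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(\d{3}):(\w+):([\w.]+):(.*)$"
)

# Excerpt of the log posted in this thread (other lines omitted).
SAMPLE_LOG = """\
2024-05-15 09:10:52,733:INFO:certbot._internal.renewal:Certificate is due for renewal, auto-renewing...
2024-05-15 09:10:52,733:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2024-05-15 09:10:53,122:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.41
2024-05-15 09:52:39,316:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
2024-05-15 09:52:40,619:INFO:certbot._internal.auth_handler:http-01 challenge for www.dodo.co.uk
2024-05-15 09:58:07,840:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: dodo.co.uk:443 in: /var/www/stenning.uk/bind_domains/virtual_hosts_individual/dodo.co.uk
2024-05-15 09:58:17,288:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-05-15 10:03:51,341:DEBUG:certbot._internal.client:Will poll for certificate issuance until 2024-05-15 10:05:21.341359
2024-05-15 10:03:53,428:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/archive/dodo.co.uk/cert4.pem.
"""


def parse_entries(text):
    """Return (timestamp, logger, message) for every timestamped line.

    Continuation lines (HTTP headers, JSON bodies, plugin descriptions)
    carry no timestamp and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue
        stamp, millis, _level, logger, message = match.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        when += timedelta(milliseconds=int(millis))
        entries.append((when, logger, message.strip()))
    return entries


def find_stalls(text, threshold_seconds=30.0):
    """List gaps of at least threshold_seconds between consecutive log lines,
    largest first. The work that stalled happened between 'before' and 'after'."""
    entries = parse_entries(text)
    stalls = []
    for (t0, logger0, msg0), (t1, logger1, msg1) in zip(entries, entries[1:]):
        gap = (t1 - t0).total_seconds()
        if gap >= threshold_seconds:
            stalls.append({
                "seconds": gap,
                "start": t0,
                "before_logger": logger0,
                "before": msg0,
                "after_logger": logger1,
                "after": msg1,
            })
    return sorted(stalls, key=lambda s: s["seconds"], reverse=True)


if __name__ == "__main__":
    for stall in find_stalls(SAMPLE_LOG):
        print(f"{stall['seconds']:9.3f}s after [{stall['before_logger']}] {stall['before']}")
        print(f"{'':10} until [{stall['after_logger']}] {stall['after'][:70]}")
```

To run it against a real log, pass the file contents to `find_stalls()`; on a default install certbot writes its log to `/var/log/letsencrypt/letsencrypt.log`.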