Staging endpoint timing out: not sending response headers

mholt · February 15, 2018, 1:38am

A few of us (working on Caddy) have run into trouble accessing the staging endpoint:

[INFO][test25.finerpixels.com] acme: Obtaining bundled SAN certificate
2018/02/14 18:27:55 [INFO][test25.finerpixels.com] AuthURL: https://acme-staging.api.letsencrypt.org/acme/authz/NZEckExunMT0y6dIjAYUOaVKlfIT2YHh6-s4T2B5jKc
2018/02/14 18:27:55 [INFO][test25.finerpixels.com] acme: Could not find solver for: dns-01
2018/02/14 18:27:55 [INFO][test25.finerpixels.com] acme: Trying to solve HTTP-01
2018/02/14 18:27:55 [INFO][test25.finerpixels.com] Served key authentication
2018/02/14 18:27:55 [INFO][test25.finerpixels.com] Served key authentication
2018/02/14 18:27:56 [INFO][test25.finerpixels.com] Served key authentication
2018/02/14 18:27:56 [INFO][test25.finerpixels.com] Served key authentication
2018/02/14 18:27:56 [INFO][test25.finerpixels.com] The server validated our request
2018/02/14 18:27:56 [INFO][test25.finerpixels.com] acme: Validations succeeded; requesting certificates
2018/02/14 18:28:13 [test25.finerpixels.com] failed to get certificate: Failed to HTTP POST to https://acme-staging.api.letsencrypt.org/acme/new-cert -> Post https://acme-staging.api.letsencrypt.org/acme/new-cert: net/http: timeout awaiting response headers
exit status 1

We haven’t changed our ACME client code recently, and this is reliably being reproduced over and over again by multiple machines. Is staging having an issue currently?

(To preempt the predictable first question – yes, the client code we’re using is quite stable and was working earlier today.)

nodesocket · February 15, 2018, 1:53am

also seeing this timeout behavior in Caddy. Unable to use the staging ca.

Strange because I am able to curl without a timeout:

curl -i -X POST https://acme-staging.api.letsencrypt.org/acme/new-cert
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 96
Replay-Nonce: pbnz1ktVUaznan89qRBD8zSqFUrwPjCJ-D-7Ui71Kms
Expires: Thu, 15 Feb 2018 01:57:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 15 Feb 2018 01:57:27 GMT
Connection: close

{
  "type": "urn:acme:error:malformed",
  "detail": "Parse error reading JWS",
  "status": 400
}

cpu · February 15, 2018, 2:23pm

Strange! I'm not aware of any outages. Is the problem still ongoing for you or has it resolved itself overnight?

@isk @devnullisahappyplace Any thoughts?

mholt · February 15, 2018, 3:09pm

It still happened for me about 8 hours ago when I went to sleep. However I just tried again and it worked fine. The outage seemed to be the ACME server hanging when actually issuing the certificate; other kinds of requests to the staging server succeeded in getting some sort of response. Just getting the actual certificate was hanging for too long.

Maybe something to look into – hopefully this kind of thing won’t crop up on the production endpoint. If you look for my domain in your logs maybe that will be revealing, I dunno.

nodesocket · February 15, 2018, 11:25pm

Also confirm, just restarted Caddy and staging is working again. It is a bit concerning that staging being down did not trigger any alerts or notifications. I’m guessing the checks don’t actually try making a certificate request, they just check the API endpoint is up.

system · March 17, 2018, 11:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.