The server experienced an internal error :: Error finalizing order

JuergenAuer · November 17, 2019, 4:34pm

If you see that error creating a new Letsencrypt certificate:

Wait, if the red

Service status: Service Disruption

is gone.

Or check

Thanks!

PS: Please don't start a new topic. Use this topic if you have that error message.

Makes things easier.

Phil · November 17, 2019, 5:09pm

Thank you @JuergenAuer!

bigo104 · November 17, 2019, 5:30pm

Wow this is bad huh?
Hack or just system outage?

Phil · November 17, 2019, 5:38pm

@bigo104,

We’re encountering an API outage stemming from a database problem and are working through it as we speak per https://letsencrypt.status.io/ . We’ve been through worse and will get through this too. Remember, it’s just another day as an SRE.

maxh · November 17, 2019, 5:44pm

Would it be worth changing the appearance of the banner? Black on red isn’t the greatest contrast, so making it larger or changing it to just a red border instead of solid red (or both) might help people see it.

bigo104 · November 17, 2019, 6:11pm

Ya, I cant imagine managing such an infrastructure – thanks for all your service and hard work – you guys are saving lives out here – for real!!!

orangepizza · November 17, 2019, 6:12pm

I assume OSCP responder checks effected database to check if it’s revoked(and we did signed it at all)?

bigo104 · November 17, 2019, 6:13pm

For real – managing problems and they should push to update a ui css change , cmon bruh – fruitless.

Phil · November 17, 2019, 6:15pm

The OCSP responders are functioning as intended.

bigo104 · November 17, 2019, 6:30pm

Nice thanks for the updates

adefallo · November 17, 2019, 7:08pm

Thank you for all your hard work, especially on a Sunday! So much respect for fellow SysAdmins!

Phil · November 17, 2019, 7:17pm

We’re in the process of restoring API services right now. Before we re-enable certificate issuance we’re going to process the orphaned certificates queue.

anklavbot · November 17, 2019, 7:20pm

thank you for your work

xurp · November 17, 2019, 7:45pm

I now have “Error creating new order :: too many certificates already issued for exact set of domains”. Like seriously, my backend has been down for hours and all my API services can’t be reached by my clients and I can’t ask for a certificate because I’ve tried to solve the problem.
I have deleted every certbot configuration files because I thought the problem was from my side. How can I retrieve a certificate?

tsobis · November 17, 2019, 7:47pm

same here --> too many certificates already issued

jsha · November 17, 2019, 7:48pm

Certificates that were issued during the outage and later incorporated into the database are currently counting against rate limits. We realize that means some people will incorrectly see rate limited status even though they never got certificates during the outage. We’re discussing ways to fix, and will update when we have a conclusion.

jsha · November 17, 2019, 7:58pm

Quick update: We have an implementation plan to fix the rate limit issues and working on fixing it.

bahrdlaxwi · November 17, 2019, 8:16pm

Has the fix been implemented? For those effected should we attempt to renew ?

jsha · November 17, 2019, 8:17pm

Not yet. Will update here and on https://letsencrypt.status.io when it has.