The server experienced an internal error :: Error finalizing order

bigo104 · November 17, 2019, 6:30pm

Nice thanks for the updates

adefallo · November 17, 2019, 7:08pm

Thank you for all your hard work, especially on a Sunday! So much respect for fellow SysAdmins!

Phil · November 17, 2019, 7:17pm

We’re in the process of restoring API services right now. Before we re-enable certificate issuance we’re going to process the orphaned certificates queue.

anklavbot · November 17, 2019, 7:20pm

thank you for your work

xurp · November 17, 2019, 7:45pm

I now have “Error creating new order :: too many certificates already issued for exact set of domains”. Like seriously, my backend has been down for hours and all my API services can’t be reached by my clients and I can’t ask for a certificate because I’ve tried to solve the problem.
I have deleted every certbot configuration files because I thought the problem was from my side. How can I retrieve a certificate?

tsobis · November 17, 2019, 7:47pm

same here --> too many certificates already issued

jsha · November 17, 2019, 7:48pm

Certificates that were issued during the outage and later incorporated into the database are currently counting against rate limits. We realize that means some people will incorrectly see rate limited status even though they never got certificates during the outage. We’re discussing ways to fix, and will update when we have a conclusion.

jsha · November 17, 2019, 7:58pm

Quick update: We have an implementation plan to fix the rate limit issues and working on fixing it.

bahrdlaxwi · November 17, 2019, 8:16pm

Has the fix been implemented? For those effected should we attempt to renew ?

jsha · November 17, 2019, 8:17pm

Not yet. Will update here and on https://letsencrypt.status.io when it has.

neo1089 · November 17, 2019, 8:22pm

As a quick fix for “too many certificate”, we grabbed the latest certificate from here, https://check-your-website.server-daten.de and then matched the certificate with correct key located at /etc/letsencrypt/ keys and updated the .conf file accordingly. It seemed to work for us. Hope it helps for any one looking to get their site running ASAP.

JuergenAuer · November 17, 2019, 8:25pm

Oh, that works? I've checked some domains, normally, the leaf certificate is downloaded, if Certspotter has only the pre-certificate.

But I didn't found such download links (checked a few hours earlier).

May work since Letsencrypt works again.

Good to know - thanks!

JuergenAuer · November 17, 2019, 8:47pm

Now tested. The domain ronanarraes.com - listet there - @Ronis_BR

With

The server experienced an internal error :: Error finalizing order

The old check (17:00, Berlin, +01):

Only Precerts, 13 created today, so the 5 identical certificates limit didn't block.

Now rechecked the domain (21:37):

Now the leaf certificates are available.

To use: Find the private key with the same time (may be one hour wrong), download the leaf certificate -> install it manual.

jsha · November 17, 2019, 8:57pm

We’ve now applied the fix for rate limit issues. Anyone affected by rate limits should try again now.

jsha · November 17, 2019, 8:59pm

I’ve posted a preliminary incident report at 2019.11.17 Autoincrement maxed out.

bahrdlaxwi · November 17, 2019, 9:19pm

I was able to renew my cert. I would like to thank you and your team for the communication. Not going to lie i felt sick when the rate limit became an issue. All of my services are up and running!!

JuergenAuer · November 17, 2019, 9:32pm

Now all is green.

https://letsencrypt.status.io/

So it’s time to unpin this topic.

JuergenAuer · November 17, 2019, 9:32pm

bezludny · November 18, 2019, 12:15pm

Thanks a lot for your hard work, guys!

jsha · November 23, 2019, 6:59pm