We’ve been using certbot happily for a while; now I ran into this weird problem: I want to fetch 1 certificate for 8 domains (4 domains, with/without www.), and each time I get a timeout for the last 1 or 2 of them. I tried splitting them in 4+4, just to see if it works with fewer, and it does (for all domains, so I’d infer it can’t be the DNS). It looks to me as if it takes too long if there’s >6 domains… Any ideas?
Cheers, Kim
I ran this command: certbot certonly --standalone -d domain1.ch -d www.domain1.ch -d domain2.ch -d www.domain2.ch …
If that works (against the live server too, without --dry-run), but standalone doesn’t (consistently), then I would guess that there’s a problem with the standalone authenticator on OS X.
lighttpd webroot + live server also works. I remembered that I did update certbot and downgraded from certbot 0.21.1 to 0.19.0 now; no problem with --standalone there (didn’t test thoroughly though). Thanks for your help!
@bmw, would you agree that this suggests a macOS-specific bug in --standalone? If so, I can open an issue about it.
@pemperempem, would you be willing to share some logs from /var/log/letsencrypt related to these attempts so that we can confirm what Certbot was trying to do in these cases?
Sure seems that way. I thought it might be AAAA vs A record issues, but the domain it failed on doesn’t have a AAAA record.
Another thought is authz reuse and the domains it’s succeeding for already have valid authorizations. Certbot logs would allow us to see if this is the case.
It’s strange to me you’re getting a connection for some domains and not others when all domains are pointing to the same IP. It’s hard for me to imagine what could be a problem in Certbot that would cause this, but I can’t think of any other relevant questions to ask now.
As for someone who has an ongoing interest in macOS fixes, while we regularly test against macOS, there are no devs currently especially focused on efforts here.
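The authz-reuse question raised above can be answered from the debug log: a reused authorization is already "valid" the first time it appears, while a freshly validated one starts as "pending". The following is an added example, not part of the thread and not Certbot code; it assumes the log contains the ACME authorization JSON returned by the server, and the log excerpt and `.example` names are constructed.

```python
import json

# Constructed, simplified log excerpt (real logs carry headers and more fields).
SAMPLE_LOG = """\
2018-02-01 10:00:01,100:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "domain1.example"}, "status": "valid", "challenges": [{"type": "http-01", "status": "valid"}]}
2018-02-01 10:00:02,200:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "www.domain1.example"}, "status": "pending", "challenges": [{"type": "http-01", "status": "pending"}]}
2018-02-01 10:00:09,300:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "www.domain1.example"}, "status": "valid", "challenges": [{"type": "http-01", "status": "valid"}]}
2018-02-01 10:00:10,400:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "domain2.example"}, "status": "pending", "challenges": [{"type": "http-01", "status": "pending"}]}
2018-02-01 10:00:40,500:DEBUG:acme.client:Received response:
{"identifier": {"type": "dns", "value": "domain2.example"}, "status": "invalid", "challenges": [{"type": "http-01", "status": "invalid", "error": {"detail": "Timeout"}}]}
"""


def iter_json_objects(text):
    """Yield every top-level JSON object embedded in free-form log text."""
    decoder = json.JSONDecoder()
    i = text.find("{")
    while i != -1:
        try:
            obj, end = decoder.raw_decode(text, i)
        except ValueError:
            # Not JSON at this brace; keep scanning from the next one.
            i = text.find("{", i + 1)
            continue
        if isinstance(obj, dict):
            yield obj
        i = text.find("{", end)


def first_seen_status(log_text):
    """Map each DNS identifier to the status of its first logged authorization."""
    seen = {}
    for obj in iter_json_objects(log_text):
        ident = obj.get("identifier")
        if isinstance(ident, dict) and ident.get("type") == "dns" and "status" in obj:
            seen.setdefault(ident["value"], obj["status"])
    return seen


def split_by_reuse(log_text):
    """Return (reused, freshly_validated) domain lists, each sorted."""
    status = first_seen_status(log_text)
    reused = sorted(d for d, s in status.items() if s == "valid")
    fresh = sorted(d for d, s in status.items() if s != "valid")
    return reused, fresh
```

If every domain that "succeeded" lands in the reused list, the standalone authenticator was never exercised for it, and the failures are not specific to the domains that timed out.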