Comments (4)
GUI
commented on August 30, 2024
Hm, the very first request should be handled without timing out or dropping the connection. The first request will be delayed slightly (while the certificate is being registered), but in my experience this usually doesn't last more than 2-5 seconds.
The only time I've seen these "timeout" errors is when I've been doing lots of local integration testing against Let's Encrypt's staging environment and I've been rate limited by Let's Encrypt. So one quick question is do you think you've tried registering enough domains in a short period of time to hit any Let's Encrypt rate limits?
But you're case also sounds interesting, because you do get a valid certificate after the second request. So this leads me to believe that the certificate registration is succeeding, but perhaps just taking longer than we expect. After looking at the code, it does look like there is a 15 second default timeout in one of the libraries we use that would explain this specific "timeout" error. If this 15 second timeout was hit, then I think the certificate registration could still eventually succeed in the background, but it would lead to this first failed request, like you describe.
So while I'm still not sure why the certificate registration is taking longer for you than normal, it could be a variety of things like rate limits, or temporary slowdowns on Let's Encrypt's end. So I think it could be worth us increasing our default timeout to at least allow for potential delays in a bit more graceful manner.
from lua-resty-auto-ssl.
GUI
commented on August 30, 2024
I've released v0.8.4 with an increase in the default timeout. I believe this should solve the issue you ran into, and generally make things better behaved if Let's Encrypt randomly takes longer sometimes.
But please let me know if you're still seeing any issues like this in v0.8.4.
Thanks for finding this!
from lua-resty-auto-ssl.
GUI
commented on August 30, 2024
@serathius: As a quick heads up, I recently uncovered the fact that this potential timeout issue wasn't correctly addressed in v0.8.4. Due to some rather silly oversights on my part, the default timeout had not in fact been extended from 15 seconds to 60 seconds. This meant there could still be potential problems if Let's Encrypt's servers took longer than 15 seconds to respond.
This bug should be properly addressed in v0.10.2, though, which I just published. In that version, the default timeout is now 60 seconds, and I'm pretty sure it's working this time. :)
Sorry for the mixup, but thanks again for the original report!
from lua-resty-auto-ssl.
pra-cloud
commented on August 30, 2024
My certificate renewal is not failed but i am getting this issue a lot and it makes my production down need help asap.
lua tcp socket read timed out, context: ssl_certificate_by_lua*, client: 172.69.58.204, server: 0.0.0.0:443
from lua-resty-auto-ssl.
Related Issues (20)
- Is it possible to change the LE CA to a custom CA? HOT 1
- Working with a Third-Party ACME Provider and Request is Incorrect HOT 2
- How to pass username in auth option for redis.
- Does it support zerossl
- Test against newer versions of OpenResty HOT 5
- Certificates with multiple accounts HOT 1
- How to explicitly delete a domain/certificate? HOT 1
- Proxy Protocol v2 not supported
- How change allow_domains to file separate
- Security issue
- New Release? HOT 6
- Migrate letsencrypt certifcates on disk to lua-resty-open-ssl HOT 2
- Failing to use the 'has_certificate' method HOT 1
- Renewal fails with error: auto-ssl: failed to obtain lock: closed, context: ngx.timer
- Move Out Renewal Jobs to Another Server HOT 1
- Let's Encrypt response on renewal: Order's status ("valid") is not acceptable for finalization
- Update Dehydrated to 0.7.1+ to fix issuance with Let's Encrypt
- Cannot change the renewal interval
- Remove cached certificate HOT 1
- How To Clear Queued Renewal Work? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-auto-ssl.