Ejabberd: ACME validation fails with Let's Encrypt staging CA

Created on 25 Jun 2018  路  9Comments  路  Source: processone/ejabberd

Hi there,

What version of ejabberd are you using?

18.4.0

What operating system (version) are you using?

Docker: ejabberd/ecs:18.04
OS: CoreOS 1745.3.1

How did you install ejabberd (source, package, distribution)?

Docker image

What did not work as expected?

Ejabberd ACME support with Let's Encrypt staging CA

Are there error messages in the log?

[info] Registering hook for ACME HTTP headers
[info] (<0.544.0>) Accepted connection 52.29.173.72:35878 -> 172.17.0.2:8080
[info] (<0.545.0>) Accepted connection 66.133.109.36:52424 -> 172.17.0.2:8080
[error] Unable to serve key authorization in: [<<"acme-challenge">>,<<"ztjsYdUiIOKGDwAv****************************">>]
[info] (<0.546.0>) Accepted connection 13.58.30.69:55404 -> 172.17.0.2:8080
[error] Unable to serve key authorization in: [<<"acme-challenge">>,<<"ztjsYdUiIOKGDwAv****************************">>]
[info] (<0.547.0>) Accepted connection 34.213.106.112:35948 -> 172.17.0.2:8080
[error] Unable to serve key authorization in: [<<"acme-challenge">>,<<"ztjsYdUiIOKGDwAv****************************">>]
[error] Maximum request limit waiting for validation reached
[error] Error: {error,{badmatch,{error,max_request_limit}}} getting an authorization for domain: <<"test.chat.example.com">>
[info] Unregistering hook for ACME HTTP headers

What was the unexpected behavior?

Based on the example config comments I created a config with the following key parts:

hosts:
  - "test.chat.example.com"
...
listen:
  -
    port: 8080
    ip: "0.0.0.0"
    module: ejabberd_http
...
acme:
   contact: "mailto:[email protected]"
   ca_url: "https://acme-staging.api.letsencrypt.org"

Running ejabberdctl get_certificates all with this config returns the following:

Error for domain: "test.chat.example.com",  with reason: 'authorization'

And the log lines above.

If I use the production Let's Encrypt CA url it works successfully but while I'm in dev I'd like to be using the staging url so that I don't hit any rate limits.

Thanks,
Alex

Enhancement Advanced
Source
picture alexrudd
👍1

Most helpful comment

I have the same issue with 18.12.1

picture zentavr on 29 Dec 2018
👍2

All 9 comments

ACME improvements is on my TODO list. I will try to solve all its accumulated problems by 18.08.

zinid picture zinid on 27 Jun 2018

Great to hear. Thank you!

alexrudd picture alexrudd on 28 Jun 2018

ACME improvements is on my TODO list. I will try to solve all its accumulated problems by 18.08.

Any updates? I'am stucked at : [error] <0.606.0>@ejabberd_acme:create_new_account:286 Error: {error,badarg} creating an account for contact: <<"mailto:[email protected]">>

Snowmanko picture Snowmanko on 10 Dec 2018

I have the same issue with 18.12.1

zentavr picture zentavr on 29 Dec 2018
👍2

Same issue, also 18.12.1. Did anyone solve it?

rsys-dev picture rsys-dev on 22 Jan 2019

I encountered this error only for renew certificate.
After comment this line it's work for renew cert.

ca_url: "https://acme-v01.api.letsencrypt.org"

tomamplius picture tomamplius on 23 Jan 2019
👍1

Yep, with ca_url: "https://acme-v01.api.letsencrypt.org" uncommented, I get the [error] <0.606.0>@ejabberd_acme:create_new_account:286 error; with it commented out, I get the error,max_request_limit error.

jwise picture jwise on 26 Mar 2019

i am facing same issue with latest ejabberd.

bijaykanshinew picture bijaykanshinew on 30 Jun 2021

@bijaykanshinew which error?

licaon-kter picture licaon-kter on 30 Jun 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lucastimotiofirmino picture lucastimotiofirmino  路  3Comments
Vshnv picture Vshnv  路  4Comments
ibrahimkoujar picture ibrahimkoujar  路  3Comments
irvingwa picture irvingwa  路  3Comments
andrew-vant picture andrew-vant  路  4Comments