Electron-builder: Can't sign app: The specified timestamp server either could not be reached or returned an invalid response.

I literally just faced the same issue!
It looks like either http://timestamp.comodoca.com is misbehaving, or it implements some sort of request filtering. Here is a note from https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server:

If you are signing several pieces of software with a script, please add a delay of 15 seconds or more between signings so that you're not hammering our servers.

I'm having the same issue today also

My sign command is using http://timestamp.comodoca.com/rfc3161 for the /tr flag

This was working just fine 3 days ago, so I'm guessing @vshymanskyy is right and there is some issue with the timestamp server

Me too since it was working literally a few hours ago and I don't think I changed anything

@Mike-Wood Ok, it just worked for me 2 minutes ago. Maybe its fixed now?

I set build.win.rfc3161TimeStampServer in package.json to a different server (http://sha256timestamp.ws.symantec.com/sha256/timestamp) and it worked.

I found the Symantec server in https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710

Thanks claygriffiths! Using a different timestamp server worked for me!

@fridgerator Using the default timestamp server is still broken for me although using http://sha256timestamp.ws.symantec.com/sha256/timestamp works

I'm getting this same error, and have tried using the symantec server as described here, but am not having any luck.

I am trying to sign using the NSIS installer on Windows. I thought for awhile the problem was with my certificate or how I was passing it, but then noticed that it does sometimes successfully sign one or two of the files before failing. From what I can gather it signs (at least) 3 files: my application's main exe, elevate.exe, and an uninstaller (with __uninstaller in the name), and my builds seem to fail on one of them randomly. That makes me wonder if it is a rate limiting issue with some/most/all of the timestamp servers, but that is just a guess.

I've also noticed that even with build.win.rfc3161TimeStampServer set to the symantec server in package.json, the errors are still indicating signtool.exe is being passed other servers in the /tr flag. I've seen http://timestamp.comodoca.com/rfc3161 and http://timestamp.verisign.com/scripts/timstamp.dll and possibly others in addition to the symantec URL specified in package.json, again seemingly randomly with each failure.

I have had _one_ successful run, so I know it's possible, but the (seemingly) random failures are driving me a little nuts. I've only been trying the last couple of days, and based on other comments above the timestamp servers seem to have intermittent issues, so maybe I just have bad timing.

Anyone else had these issues again recently? Any insights or workarounds?

The problem is that the default server is "timestamp.comodoca.com/rfc3161" and they say this on the page:

If you are signing several pieces of software with a script, please add a delay of 15 seconds or more between signings so that you're not hammering our servers.

However electron-builder has much shorter delays. Even when it fails, it says it will retry in 2 seconds - delay needs to be changed to at least 15 seconds.

Any updates here? Sometimes it takes 5-10 retries to build until it doesn't throw an error

The workaround also doesn't work anymore, as sha256timestamp.ws.symantec.com has been shut down by DigiCert on 2019-10-31. Any other SHA256 timestamp servers to try?

@Mike-Wood, since the workaround no longer works, shouldn't this issue be re-opened?

Yeah, I'll re open it.

I haven't got my electron-builder setup for most of the time so It might take a while for me to test subsequent fixes though.