Lego: time limit exceeded while running lego

Created on 17 Sep 2019 · 12 Comments · Source: go-acme/lego

Got "time limit exceeded" while running lego, any suggestion where I should look into...

```
sudo NAMESILO_API_KEY=xxxxxxxxxxx /opt/bitnami/letsencrypt/lego --dns="namesilo" --domains="johocen.com" --domains="*.johocen.com" --email="[email protected]" --path="/opt/bitnami/letsencrypt" run
2019/09/16 10:31:02 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/16 10:31:03 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/255366779
2019/09/16 10:31:03 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/366085102
2019/09/16 10:31:03 [INFO] [johocen.com] acme: authorization already valid; skipping challenge
2019/09/16 10:31:03 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/16 10:31:03 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/16 10:31:03 [INFO] [*.johocen.com] acme: Trying to solve DNS-01
2019/09/16 10:31:03 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/16 10:31:03 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/09/16 10:31:04 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
...
2019/09/16 10:32:05 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/16 10:32:06 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[*.johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: Bp1IZfoGqWIzZwFFBOQhXlkCfqTLunZPwG2t5TrkZEg]: 13DobYBLHfgdWXBwwyiw4sRlOqktG3kQ-xxxxxxxxxx
```

All 12 comments

Hello,

you can change the timeout by defining the env var NAMESILO_PROPAGATION_TIMEOUT

https://go-acme.github.io/lego/dns/namesilo/

Hi @ldez

Tried with this...

```
sudo NAMESILO_API_KEY=xxxxxxxxxxxxxxxxxxxxx NAMESILO_PROPAGATION_TIMEOUT=15m /opt/bitnami/letsencrypt/lego --dns="namesilo" --domains="johocen.com" --domains="*.johocen.com" --email="[email protected]" --path="/opt/bitnami/letsencrypt" run
```

But got

```
acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
```

I checked NAMESILO: there are 5 _acme-challenge TXT records (4 _acme-challenge + 1 _acme-challenge.www). I had added 2 manually before using the Bitnami HTTP configuration tool, so the other 3 should have been created by the Bitnami tool.

Should I delete all 5 existing records and run the lego command again? Or how can I identify which should be kept?

Thanks

```
2019/09/17 09:31:59 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/17 09:32:00 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/380243879
2019/09/17 09:32:00 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/380243881
2019/09/17 09:32:00 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/17 09:32:00 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/17 09:32:00 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/17 09:32:00 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/17 09:32:00 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/17 09:32:01 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/17 09:32:02 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 09:32:03 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 09:32:04 Could not obtain certificates:
        acme: Error -> One or more domains had a problem:
[*.johocen.com] [*.johocen.com] acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
[johocen.com] [johocen.com] acme: error presenting token: namesilo: failed to add record code: 280, details: could not add resource record to domain since it already exists (duplicate)
```

Yes, you have to clean the previous TXT records.

Hi @ldez

Ran again after cleaning the previous TXT records: a long list of "acme: Waiting for DNS record propagation", but still got the error "time limit exceeded", even though I had already set NAMESILO_PROPAGATION_TIMEOUT=15m.

Meanwhile, NS ns1.dnsowl.com. did not return the expected TXT record; it seems the first value is newly generated and the other 4 are the ones previously deleted.

So I added all 5 back, including the new one starting with uA7zs-xxxxxxxx, but still got the same error "time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record" with 7 values in total.

Any idea where I might be wrong?

```
2019/09/17 22:52:29 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 22:52:29 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/17 22:52:31 Could not obtain certificates:
        acme: Error -> One or more domains had a problem:
[*.johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: uA7zs-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]: 13DobYBLHfgdWXBwwyiw4sRlOqktG3kQ-xxxxxxxxx ,Bp1IZfoGqWIzZwFFBOQhXlkCfqTLunxxxxxxxx ,UDKhNvM-xcXjY48V7fvleHrB__xxxxxxxxxxx ,cCuChh687OdJkIV2Yzzhclo9B7GDV2-xxxxxxxxxxx
[johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: syk4Y8Io90tKPD780T6IO-wueg-xxxxxxxxxx]: 13DobYBLHfgdWXBwwyiw4sRlOqktG3kQ-xxxxxxxxx ,Bp1IZfoGqWIzZwFFBOQhXlkCfqTLunxxxxxxxx ,UDKhNvM-xcXjY48V7fvleHrB__xxxxxxxxxxx ,cCuChh687OdJkIV2Yzzhclo9B7GDV2-xxxxxxxxxxx
```

Hi @ldez

Got a reply from NAMESILO:

this is what we got back from our IT:
Can user get us full log? This is not an issue of namesilo. It's not implemented feature of Letsencrypt via our api. Customer can use http method to get certs.

You had listed them here https://go-acme.github.io/lego/dns/namesilo/
But it's kind of strange that it seems they did not implement the DNS challenge?
Thanks

For me the provider works, see #916.

ping @sbzlyessit

The challenge only adds and removes TXT records, so the Namesilo API supports it.

You cannot add TXT records manually because they need to be generated by lego.

In all my usage of namesilo, their DNS propagation is quite slow; I usually set the timeout to 30 mins. And when I tested the provider, a 15 mins timeout was the bottom line to make it work.

You can also access the namesilo DNS manager to see whether there is a DNS record inserted while waiting for propagation.

Hi @sbzlyessit

Every time I run lego, the dns record on my namesilo will be inserted 2 new txt records (johocen.com & *.johocen.com), but got same "time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record"

I had followed the suggestion from @ldez to clean the previous TXT records, but got the same error.

It seems lego is working half way, but got time out. I just tried now NAMESILO_PROPAGATION_TIMEOUT=30m
(Does this make sense in the log: Wait for propagation [timeout: 1m0s, interval: 2s])
but still got the same error. (I had removed all txt records for _acme-challenge, but still got all previous plus 2 new in the error message)

Any comment?

```
2019/09/21 04:08:42 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/21 04:08:44 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435613118
2019/09/21 04:08:44 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/435613119
2019/09/21 04:08:44 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/21 04:08:44 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/21 04:08:44 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/21 04:08:45 [INFO] [*.johocen.com] acme: Trying to solve DNS-01
2019/09/21 04:08:45 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 04:08:45 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/09/21 04:08:46 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:49 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:51 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:54 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:56 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:08:59 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:01 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:04 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:06 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:09 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:11 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:14 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:16 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:19 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:21 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:26 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:29 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:31 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:34 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:36 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:39 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:41 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:44 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Trying to solve DNS-01
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 04:09:46 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]
2019/09/21 04:09:46 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:49 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:51 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:53 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:56 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:09:58 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:01 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:03 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:06 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:08 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:11 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:13 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:16 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:18 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:21 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:23 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:26 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:28 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:31 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:33 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:36 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:38 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:41 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:43 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:46 [INFO] [johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 04:10:48 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 04:10:48 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 04:10:51 Could not obtain certificates:
        acme: Error -> One or more domains had a problem:
[*.johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: K-FtqWpPd49T0-0uIY8gFNohor-vzzLYu1Z_DTvnpXI]: gigNbtKRqvo7ixD_XDp_cie75UAUxaxZxc0VWrVEFUY ,Yb0yU8fRD6BEtmE2ee_k-_ZGr2Dcsj8Y7LlOwQ8g4Hg ,9X5BmOHlAL9vU1amv7vPqonXiMBMCgNRb6Hu7KsWSP8 ,KSF1GZTjwZi9Q5cYMhcLxnG8wyOJdVuHnvDw_YqgDW4 ,ln8YTLKmUcxbe17_T9l4BfN4ICKBkWyAhOgLTVlMAao ,bGILIvAsVnxTATYLPVdVWK9IxpgFNu1LSEaZ3r8ZHLE ,RCJWxMKat4y2JWZRZHBtyHjckOlkD0xQ1voPjretg_4 ,u1Vo9zaVC05HVBlOQrAcNtWj93_xOneqTjNrgmGzLr8 ,DHjMo0p2_C2MQwPbnV4VWZnPtU5ccXaTBpuRyYy25bQ ,JK-6q0kzie7kHANYGM7Nlt9zguF9I2ryvr1cm87EB2I
[johocen.com] time limit exceeded: last error: NS ns1.dnsowl.com. did not return the expected TXT record [fqdn: _acme-challenge.johocen.com., value: Y4QexIZcOmfLzz8kachRqh0jmAlx2yhUzWOwu3ITm-Y]: gigNbtKRqvo7ixD_XDp_cie75UAUxaxZxc0VWrVEFUY ,Yb0yU8fRD6BEtmE2ee_k-_ZGr2Dcsj8Y7LlOwQ8g4Hg ,9X5BmOHlAL9vU1amv7vPqonXiMBMCgNRb6Hu7KsWSP8 ,KSF1GZTjwZi9Q5cYMhcLxnG8wyOJdVuHnvDw_YqgDW4 ,ln8YTLKmUcxbe17_T9l4BfN4ICKBkWyAhOgLTVlMAao ,bGILIvAsVnxTATYLPVdVWK9IxpgFNu1LSEaZ3r8ZHLE ,RCJWxMKat4y2JWZRZHBtyHjckOlkD0xQ1voPjretg_4 ,u1Vo9zaVC05HVBlOQrAcNtWj93_xOneqTjNrgmGzLr8 ,DHjMo0p2_C2MQwPbnV4VWZnPtU5ccXaTBpuRyYy25bQ ,JK-6q0kzie7kHANYGM7Nlt9zguF9I2ryvr1cm87EB2I
```

Firstly, the following are correct behaviors:

  • johocen.com & *.johocen.com TXT records can be added, depending on your command
  • the _acme-challenge record will be inserted during the propagation, but should be removed if the command finishes without error

Then, the log looks wrong, "[timeout: 1m0s, interval: 2s]" means the timeout is still 1 min.

I think 30m somehow is not recognized; for now, I am not sure why. You can try the following env, this is what I used to test namesilo:

```
NAMESILO_PROPAGATION_TIMEOUT=3600 NAMESILO_POLLING_INTERVAL=120 NAMESILO_TTL=3600
```

After it works, then make it shorter.

with the Additional Configuration...

```
NAMESILO_PROPAGATION_TIMEOUT=3600 NAMESILO_POLLING_INTERVAL=120 NAMESILO_TTL=3600
```

It seems working, although with a nonce error retry: acme: error: 400

```
2019/09/21 08:10:18 [INFO] [johocen.com, *.johocen.com] acme: Obtaining bundled SAN certificate
2019/09/21 08:10:20 [INFO] [*.johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/438120057
2019/09/21 08:10:20 [INFO] [johocen.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/438120059
2019/09/21 08:10:20 [INFO] [*.johocen.com] acme: use dns-01 solver
2019/09/21 08:10:20 [INFO] [johocen.com] acme: Could not find solver for: tls-alpn-01
2019/09/21 08:10:20 [INFO] [johocen.com] acme: Could not find solver for: http-01
2019/09/21 08:10:20 [INFO] [johocen.com] acme: use dns-01 solver
2019/09/21 08:10:20 [INFO] [*.johocen.com] acme: Preparing to solve DNS-01
2019/09/21 08:10:21 [INFO] [johocen.com] acme: Preparing to solve DNS-01
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Trying to solve DNS-01
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 08:10:22 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 2m0s]
2019/09/21 08:10:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:12:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:14:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:16:22 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:18:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:20:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:22:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:24:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:26:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:28:23 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:30:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:32:24 [INFO] [*.johocen.com] acme: Waiting for DNS record propagation.
2019/09/21 08:34:25 [INFO] nonce error retry: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/438120057/w03NJQ :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0002SIwP-QRLt85ROo1tKvIfIJWvHeOoGKYv94bPeml0QI0", url:
2019/09/21 08:34:26 [INFO] [*.johocen.com] The server validated our request
2019/09/21 08:34:26 [INFO] [johocen.com] acme: Trying to solve DNS-01
2019/09/21 08:34:26 [INFO] [johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 08:34:26 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 2m0s]
2019/09/21 08:34:27 [INFO] [johocen.com] The server validated our request
2019/09/21 08:34:27 [INFO] [*.johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 08:34:28 [INFO] [johocen.com] acme: Cleaning DNS-01 challenge
2019/09/21 08:34:29 [INFO] [johocen.com, *.johocen.com] acme: Validations succeeded; requesting certificates
2019/09/21 08:34:31 [INFO] [johocen.com] Server responded with a certificate.
```

It is a retryable error, Lego cmd succeeded. As you may see, namesilo is slow on propagation, then causes some unpredictable error. One I met previously is NAMESILO_POLLING_INTERVAL cannot be too short. Otherwise, the server may fail to respond.
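
The two runs in this thread differ in how the timeout was written: with `30m` lego logged the 1m0s default, with `3600` it logged 1h0m0s. The Go check below is an added example (not lego's code and not posted by anyone in the thread) that compares the configured `NAMESILO_PROPAGATION_TIMEOUT` with the timeout lego actually logs. It assumes, from those logs, that the variable is read as a whole number of seconds; `EffectiveTimeout` and `CheckTimeout` are hypothetical helper names.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Log lines copied from the failing and the successful run in this thread.
const failedRun = `2019/09/21 04:08:45 [INFO] [*.johocen.com] acme: Checking DNS record propagation using [169.254.169.254:53]
2019/09/21 04:08:45 [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]`

const goodRun = `2019/09/21 08:10:22 [INFO] Wait for propagation [timeout: 1h0m0s, interval: 2m0s]`

// propagationRe captures the timeout lego reports it is really using.
var propagationRe = regexp.MustCompile(`Wait for propagation \[timeout: ([^,\]]+),`)

// EffectiveTimeout returns the timeout from the first propagation line in the log.
func EffectiveTimeout(log string) (time.Duration, bool) {
	m := propagationRe.FindStringSubmatch(log)
	if m == nil {
		return 0, false
	}
	d, err := time.ParseDuration(m[1])
	return d, err == nil
}

// CheckTimeout explains why a configured value did not take effect, or returns nil.
// Assumption (drawn from the thread's logs): the value is a whole number of seconds.
func CheckTimeout(envValue, log string) error {
	secs, err := strconv.Atoi(envValue)
	if err != nil || secs <= 0 {
		return fmt.Errorf("%q is not a whole number of seconds", envValue)
	}
	got, ok := EffectiveTimeout(log)
	if !ok {
		return errors.New("no \"Wait for propagation\" line in log")
	}
	if want := time.Duration(secs) * time.Second; got != want {
		return fmt.Errorf("configured %s but lego logged %s", want, got)
	}
	return nil
}

func main() {
	fmt.Println(CheckTimeout("30m", failedRun)) // rejected before lego is even run
	fmt.Println(CheckTimeout("900", failedRun)) // valid value that never reached lego
	fmt.Println(CheckTimeout("3600", goodRun))  // configured and logged values agree
}
```

Running the second kind of check against the first lines of a lego run catches a setting that was dropped (for example by an environment-scrubbing wrapper) before the full propagation wait is spent.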
