[SOLVED] Let’s Encrypt and ZeroSSL creation problems

System Issues
1

Let’s Encrypt and ZeroSSL Issues

Requesting SSL certificates from Let’s Encrypt or ZeroSSL may result in an error message. An example is below.

image
image1334×126 59 KB

When will this issue be resolved?

We are doing our best to get these issues resolved as soon as possible. Unfortunately, we don’t have enough details to tell how soon that will be. Please note that certificates that have already been issued will still work properly.

What can you do to fix this

At this time, there are no known workarounds to get a certificate. GoGetSSL (Our other SSL provider) is still properly functioning.

Timeline

  • December 18 - Issue reported
  • December 20 - Issue Confirmed
  • December 22 - Change Applied
  • December 22 - Change Confirmed
  • December 22 - Issue Solved

We are aware of the issue and are doing our best to get this resolved as soon as possible.

We completely understand that this may cause confusion and you will have additional questions. We are happy to provide any information that we can.

However, to keep the contents of this topic, as well as our forum, clean, clear, and concise, I ask that you carefully read the Outage Communication Rules before posting.

In a nutshell:

  • Please keep the posts about the outage in this topic, and all posts not about this outage outside of this topic.
  • Please post relevant questions only that have not been answered yet. It may be compelling to ask obvious questions like “when will this be fixed”, but basic information like that will be put in this message as soon as we know it.
  • Please carefully check the known symptoms and affected components.
    • If you are on the affected components, you are almost certainly affected by the outage. If so, please refrain from simply stating you are affected, it does not help get your service back up faster.
    • If you are not on the affected components but do experience all of the symptoms, please say so below so we can check if our list is incomplete.
    • If you do not experience all listed issues and are not on the components that are known to be affected, the issue you are experiencing is most likely not related to this outage. If so, please create a new topic in the Hosting Support category and describe the issue there.
  • If you say you are affected by the outage, please always include your website URL. I can’t check if you are affected by the outage if you don’t say which of your websites is affected.

Posts that do not follow these rules may be deleted without warning. This is to help ensure that all the relevant information is easily available to everyone reading this topic.

Thanks for your understanding!

3 Likes
3

Is the Self-Signed issuer affected? I assume not, because it does not need to connect to any external provider. Just asking for the community!

3 Likes
4

It does not seem to be, no.

2 Likes
5

While there are problems with Let’s Encrypt and ZeroSSL causing issues right now, they are largely separate issues.

  • ZeroSSL’s API has some reliability/performance issues and has always been this way. Certificates fail to issue randomly. I’m working on a way to mitigate these issues and I was hoping to finish that today.
  • Let’s Encrypt has currently rate limited the account we use to request certificates. This means we cannot request new Let’s Encrypt certificates right now, and won’t until either we start using a different account or until the rate limiting has passed (which can take a week). The changes I’m hoping to finish today will hopefully help in preventing this from happening again, but ideally we just need to load balance across different accounts, which I also intend to do (but probably don’t have time for today).

In this last case, you won’t see an “unknown error”. Yesterday I quickly added a check that detect this issue and displays an appropriate error message.

6 Likes
6

ZeroSSL is probably cringe. I set the cname, right? Client area detects it, then I verify. But after refresh, client area thinks that I not setup the cname yet.

Then unknown error.

1 Like
7

It turns out that there was also some configuration in the nameservers that broke Let’s Encrypt and ZeroSSL. That has just been fixed.

But in this case, Let’s Encrypt rate limits are the most important issue. ZeroSSL seems fine now.

3 Likes
8

I don’t know if it’s me verifying cname record thousand times or something. But GoGetSSL doesn’t work too.

Screenshot_20211222-211848
Screenshot_20211222-211848720×398 26.2 KB

I’m waiting this for a long time now.
Screenshot_20211222-211858
Screenshot_20211222-211858720×122 5.81 KB

And I insert the cname exactly as they said.

9

I just checked your certificate, but it seems to have been issued now.

Please note that DNS changes can take a few hours to take effect. That’s how DNS works, and is not related to this issue.

4 Likes
10

I just deployed my change to the Let’s Encrypt/ZeroSSL setup process. Hopefully, this should make SSL issuance for these providers more reliable (or at least easier to debug if something goes wrong).

5 Likes