bad handling sign error #31

Closed
opened 2025-12-29 00:22:42 +01:00 by adam · 3 comments

Originally created by @M-M-M-M on GitHub (Jan 10, 2016).

letsencrypt.sh is not correctly handling errors such as "Too many certificates already issued" in the "Requesting certificate" block: if an error occurs on signed_request, then there is no reason to try to check the certificate, and the program should report the error and try the following certificates.

Output of letsencrypt.sh showing the error:

```
Using config file /Users/test/GIT/letsencrypt.sh/config.sh
Processing test.example.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Apr  9 15:50:00 2016 GMT (Longer than 14 days). Ignoring because renew was forced!
 + Signing domains...
 + Generating signing request...
 + Requesting challenge for test.example.com...
 + Responding to challenge for test.example.com...
 + Challenge is valid!
 + Requesting certificate...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-cert (Status 429)

Details:
{"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: example.com","status":429}
 + Checking certificate...
  + ERROR: failed to run x509 -text (Exitcode: 1)

Details:
unable to load certificate
140735245852752:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1198:
140735245852752:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:372:Type=X509
140735245852752:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
```
adam added the bug label 2025-12-29 00:22:42 +01:00
adam closed this issue 2025-12-29 00:22:42 +01:00

@morganwdavis commented on GitHub (Jan 12, 2016):

Too many certificates bit me, too.

Related to this, creation or renewal attempts that fail end up leaving orphaned .csr files. On failures, those should be removed as they just accumulate with each new attempt. I haven't yet seen any value to keeping unusable .csr files around.

Semi-related to the general concept of cleanup, renewal or changed certs (e.g., those that had a SAN added or removed) that succeed will leave the old .pem and .csr files. On success, there should be some kind of cleanup function to keep the directory tidy. If removal is undesirable, then moving those older files into an archival subdirectory would be a reasonable alternative. That would make it easier for admins to script a backup/cleanup pass, too.
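
The control flow requested in the report, combined with the CSR cleanup suggested in the comment above, as an added example that is not letsencrypt.sh's own code. `fake_new_cert`, `sign_domain`, `sign_all` and the `FAILED`/`CHECKED` variables are hypothetical names, and the 201 body is a constructed placeholder rather than a real certificate.

```bash
#!/bin/sh
# Added example, not letsencrypt.sh code. fake_new_cert is a hypothetical
# stand-in for the ACME new-cert POST; it prints "<http-status> <body>".
fake_new_cert() {
  case "$1" in
    test.example.com)  # constructed 429, body copied from the report above
      printf '%s\n' '429 {"type":"urn:acme:error:rateLimited","detail":"Error creating new cert :: Too many certificates already issued for: example.com","status":429}' ;;
    *) printf '%s\n' '201 CONSTRUCTED-CERTIFICATE-BODY' ;;
  esac
}

# Sign one name. Returns 1 on a non-2xx answer, before any certificate check.
sign_domain() {
  sd_name=$1
  sd_csr="$2/$sd_name.csr"
  sd_crt="$2/$sd_name.pem"
  : > "$sd_csr"                          # stand-in for CSR generation
  sd_resp=$(fake_new_cert "$sd_name")
  sd_status=${sd_resp%% *}               # text before the first space
  sd_body=${sd_resp#* }                  # everything after it
  case "$sd_status" in
    2??) ;;
    *)
      echo "  + ERROR: new-cert returned status $sd_status: $sd_body" >&2
      rm -f "$sd_csr"                    # do not leave an orphaned CSR
      return 1 ;;
  esac
  # Only a 2xx body is stored; write to a temp file, then rename, so an
  # existing certificate is never replaced by a partial or error response.
  printf '%s\n' "$sd_body" > "$sd_crt.tmp" && mv "$sd_crt.tmp" "$sd_crt" || return 1
  # The certificate check (x509 -text in the log) belongs here.
  CHECKED="${CHECKED:+$CHECKED }$sd_name"
}

# Sign every name, continue after a failure, report the failures at the end.
sign_all() {
  sa_dir=$1; shift
  FAILED=""; CHECKED=""
  for sa_name in "$@"; do
    sign_domain "$sa_name" "$sa_dir" || FAILED="${FAILED:+$FAILED }$sa_name"
  done
  [ -z "$FAILED" ]                       # non-zero exit if anything failed
}
```

Calling `sign_all "$dir" test.example.com www.example.org` leaves `FAILED` holding the rate-limited name while the second name is still processed, so a cron wrapper can alert on the exit status without losing the other renewals.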


@lukas2511 commented on GitHub (Feb 10, 2016):

This seems to be fixed by now, script now exits after printing the error message.


@roschler commented on GitHub (Aug 12, 2017):

I got here because I too am getting the "failed to run X509" error, but I am not getting the rate limit error. Can anyone tell me why I'm getting this error message? I'm using letsencrypt with the le-godaddy-dns module:

```
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for gotchatbot.com...
 + Already validated!
 + Requesting certificate...
 + Checking certificate...
 + ERROR: failed to run x509 -text (Exitcode: 1)

Details:
unable to load certificate
140583927391904:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1338:
140583927391904:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:390:Type=X509
140583927391904:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
```


Reference: starred/dehydrated#31