Awaiting certification 11 hours?

My domain feder.is is waiting certification too long. When I first deployed, certification was a matter of seconds. Then I changed some configurations and replaced the deployment. Now it says 11 hours. I tried reading other threads with similar problems, changing app name and replacing deployment again but futile. What did I miss?

~/feder % fly certs show feder.is
The certificate for feder.is has not been issued yet.

Hostname                  = feder.is

DNS Provider              = isnic

Certificate Authority     = Let's Encrypt

Issued                    = 

Added to App              = 11 hours ago

Source                    = fly

Your certificate for feder.is is being issued. Status is Awaiting certificates. Make sure to create another certificate for www.feder.is when the current certificate is issued. 

Given IPs

Screen Shot 2022-10-04 at 8.52.50

ISNIC Setting


fly.toml

# fly.toml file generated for feder-is on 2022-10-03T18:52:15-04:00

app = "feder-is"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[env]
  DATABASE_URL = "data/app.db"
  PUBLIC_FULLSTORY_ID = "o-1CJYM6-na1"
  PUBLIC_GOOGLE_OAUTH_ID = "1078468840440-uctnen8r63i2ksd0g2cial7fjsitkfcp.apps.googleusercontent.com"

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[mounts]
  destination = "/data"
  source = "data"

[[services]]
  http_checks = []
  internal_port = 3000
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

Looking into it now. This might be our mistake.

1 Like

Looks like there were too many certificates created for this hostname.

I see there were 4 records for it and 2 of them issued certificates. This means we’ve reached the limit for the hostname with Let’s Encrypt.

I’m going to manually fix the issue for this instance and see what might’ve caused it to happen too much.

Sometimes it takes minutes for a certificate to be issued depending on DNS and our queues. Sometimes seconds, sure :slight_smile: Definitely not hours unless the hostname is misconfigured.

Ok, I fixed this.

Looks like your hostname is not pointed at your IPs, unfortunately.

1 Like

Wow I was tinkering WORKDIR in Dockerfile in the meantime to see if it’s related. And I thought I fixed it for a moment. But you fixed it manually right? I appreciate it.

It’s weird I never kept multiple certifications not to mention apps. I was replacing them frequently though. If is it wrong to request certification too frequently, some guide or rate-limiting would have been useful.

I think part of it is on our end.

If you created multiple apps trying to fix the issue in the past day, it’s possible we created certificates for deleted apps and reached the limit.

1 Like