Certificate not being issued from Lets Encrypt

The domain that I have added for indiepaper-prod indiepaper.me is verified but RSA and ECDSA is not getting issued. I thought I might have gone over the letsencrypt limit, but running lectl indiepaper.me returns this output.

lectl 0.21 (2020-August-09)

2021/October/04 09:34:10 - Checking all certs for indiepaper.me

I have found 21 non expired certificates (9 final certs and 12 pre certs) (max number of certs searched: 100) for domain indiepaper.me and its subdomains *.indiepaper.me

CRT ID      CERT TYPE   DOMAIN (CN)      KEY ALG      VALID FROM             VALID TO               EXPIRES IN
5339184638  Final cert  *.indiepaper.me  ECC 256bit   2021-Oct-01 21:10 IST  2021-Dec-30 21:10 IST  87 days
5338941015  Final cert  indiepaper.me    ECC 256bit   2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days
5338938787  Final cert  indiepaper.me    RSA 2048bit  2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days
5332069515  Pre cert    indiepaper.me    ECC 256bit   2021-Oct-03 05:03 IST  2022-Jan-01 05:03 IST  88 days
5331967347  Pre cert    indiepaper.me    RSA 2048bit  2021-Oct-03 05:03 IST  2022-Jan-01 05:03 IST  88 days
5331324590  Pre cert    indiepaper.me    RSA 2048bit  2021-Oct-02 20:34 IST  2021-Dec-31 20:34 IST  88 days
5326275902  Pre cert    *.indiepaper.me  ECC 256bit   2021-Oct-01 21:10 IST  2021-Dec-30 21:10 IST  87 days
5326061209  Pre cert    indiepaper.me    ECC 256bit   2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days
5322422524  Pre cert    indiepaper.me    RSA 2048bit  2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days
5287464942  Pre cert    indiepaper.me    ECC 256bit   2021-Sep-26 04:53 IST  2021-Dec-25 04:53 IST  81 days
5287463321  Final cert  indiepaper.me    ECC 256bit   2021-Sep-26 04:53 IST  2021-Dec-25 04:53 IST  81 days
5287463154  Pre cert    indiepaper.me    RSA 2048bit  2021-Sep-26 04:52 IST  2021-Dec-25 04:52 IST  81 days
5287462765  Final cert  indiepaper.me    RSA 2048bit  2021-Sep-26 04:52 IST  2021-Dec-25 04:52 IST  81 days
5271516352  Final cert  *.indiepaper.me  ECC 256bit   2021-Sep-23 11:33 IST  2021-Dec-22 11:33 IST  79 days
5271508432  Pre cert    *.indiepaper.me  ECC 256bit   2021-Sep-23 11:33 IST  2021-Dec-22 11:33 IST  79 days
4946134746  Final cert  indiepaper.me    ECC 256bit   2021-Jul-28 04:54 IST  2021-Oct-26 04:54 IST  21 days
4946134051  Final cert  indiepaper.me    RSA 2048bit  2021-Jul-28 04:54 IST  2021-Oct-26 04:54 IST  21 days
4942613785  Pre cert    indiepaper.me    RSA 2048bit  2021-Jul-28 04:54 IST  2021-Oct-26 04:54 IST  21 days
4939654312  Pre cert    indiepaper.me    ECC 256bit   2021-Jul-28 04:54 IST  2021-Oct-26 04:54 IST  21 days
4937598765  Final cert  *.indiepaper.me  ECC 256bit   2021-Jul-26 12:14 IST  2021-Oct-24 12:14 IST  20 days
4928991411  Pre cert    *.indiepaper.me  ECC 256bit   2021-Jul-26 12:14 IST  2021-Oct-24 12:14 IST  20 days

You have issued 6 certificates in last 7 days so you could issue 44 more certificates now.

l had added a TXT entry for indiepaper.me for Google Site verification, but I have removed it but certificate still doesn’t get issued.

It looks like it was issued, if I look at this:

5338941015  Final cert  indiepaper.me    ECC 256bit   2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days
5338938787  Final cert  indiepaper.me    RSA 2048bit  2021-Oct-01 20:42 IST  2021-Dec-30 20:42 IST  87 days

What makes you say they’re not getting issued? Are they showing problems in our UI or from our CLI?

I noticed your hostname is not pointed at our servers, but your DNS is setup so we can issue certificates. Until you point your hostname at our servers, we cannot serve the certificates we have issued.

I was using Cloudflare until the certificate was issued, I have reverted DNS to point to fly servers since otherwise my app would show not secured.

Even though the certificate is shown to be issued, fly certs show indiepaper.me -a indiepaper-prod returns Your certificate for indiepaper.me is being issued. Status is Awaiting certificates.. This is the response for a while.

It is stuck like this for a while

Screenshot 2021-10-04 at 8.11.39 PM1976×456 141 KB

And I can’t access the site https://indiepaper.me because of the site send an invalid response error, but indiepaper.me works fine.

I had moved organisations and recreated the app in the new org. Would that have created the issue ?

Edit:
Could anyone take a look, the app is inaccessible via HTTPS when the issue is standing.

So I have created two new organisations IndiePaper-Development, IndiePaper-Production in my company account and added indiepaper-development and indiepaper-production apps so they don’t have any issues with previously named apps.

I created two new certs dev.indiepaper.co on indiepaper-development and indiepaper.me for indiepaper-production in their respective organisations. It’s still the same issue, Your certificate for indiepaper.me is being issued. Status is Awaiting certificates.

Edit: dev.indiepaper.co got certificate issued, indiepaper.me is still pending

Having a similar issue for a few certs in my account. Any way to get more info on why the cert has not yet been issued?

Can anyone take a look, it’s delaying the launch and deterring initial set of customers.

@aswinmohanme Lets Encrypt will only issue us 5 duplicate certificates per week, so we can’t get this one issued. I’m checking to see if I can restore a previous one to this app (it may not be possible).

@ajsharp we can look up specific certs, do you have one in particular you’d like us to check?

@aswinmohanme I migrated one of your older certificates to your new app, you should be good to go now.

Hey, the ECDSA got restored, but the RSA is still not issued. That might be the reason I cannot access https://indiepaper.me