Don't request certs if date isn't set properly #39

Open
grischard opened this issue May 2, 2022 · 0 comments
@grischard

I use ssl-proxy on a robot. Since it doesn't have a real-time clock, it syncs its time over NTP after booting.

To avoid Let's Encrypt rate limiting, ssl-proxy should sanity check to make sure that the date is set to after 1970 before requesting certificates.

See also: golang/go#28201

A tragedy in log file format on machine reboot:

1970/01/01 00:00:09 Assuming -to URL is using http://
1970/01/01 00:00:09 Proxying calls from https://[::]:443 (SSL/TLS) to http://127.0.0.1:8000
1970/01/01 00:00:09 Domain specified, using LetsEncrypt to autogenerate and serve certs for foo.example.com
1970/01/01 00:00:09 Also redirecting https requests on port 80 to https requests on foo.example.com
1970/01/01 00:00:19 http: TLS handshake error from [fe80::1234]:57129: acme/autocert: missing certificate
1970/01/01 00:00:19 http: TLS handshake error from [fe80::1234]:57128: Get "https://acme-v02.api.letsencrypt.org/directory": x509: certificate has expired or is not yet valid: current time 1970-01-01T00:00:18Z is before 2022-04-26T22:21:59Z
1970/01/01 00:00:19 http: TLS handshake error from [fe80::1234]:57130: acme/autocert: missing certificate
1970/01/01 00:00:19 http: TLS handshake error from [fe80::1234]:57131: acme/autocert: missing certificate
1970/01/01 00:00:20 http: TLS handshake error from [fe80::1234]:57132: acme/autocert: missing certificate
1970/01/01 00:00:20 http: TLS handshake error from [fe80::1234]:57133: acme/autocert: missing certificate
1970/01/01 00:00:20 http: TLS handshake error from [fe80::1234]:57134: acme/autocert: missing certificate
1970/01/01 00:00:20 http: TLS handshake error from [fe80::1234]:57135: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57138: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57136: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57137: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57139: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57141: acme/autocert: missing certificate
1970/01/01 00:00:23 http: TLS handshake error from [fe80::1234]:57140: acme/autocert: missing certificate
2022/05/02 03:56:00 http: TLS handshake error from [fe80::1234]:57142: acme/autocert: missing certificate
2022/05/02 03:56:00 http: TLS handshake error from [fe80::1234]:57143: acme/autocert: missing certificate
2022/05/02 03:56:00 http: TLS handshake error from [fe80::1234]:57144: acme/autocert: missing certificate
2022/05/02 03:56:00 http: TLS handshake error from [fe80::1234]:57145: acme/autocert: missing certificate
2022/05/02 03:56:05 http: TLS handshake error from [fe80::1234]:57146: acme/autocert: missing certificate
2022/05/02 03:56:05 http: TLS handshake error from [fe80::1234]:57147: acme/autocert: missing certificate
2022/05/02 03:56:06 http: TLS handshake error from [fe80::1234]:57148: acme/autocert: missing certificate
2022/05/02 03:56:06 http: TLS handshake error from [fe80::1234]:57149: acme/autocert: missing certificate
2022/05/02 03:56:08 http: TLS handshake error from [fe80::1234]:57150: acme/autocert: missing certificate
2022/05/02 03:56:08 http: TLS handshake error from [fe80::1234]:57151: acme/autocert: missing certificate
2022/05/02 03:56:12 http: TLS handshake error from [fe80::1234]:57152: acme/autocert: missing certificate
2022/05/02 03:56:12 http: TLS handshake error from [fe80::1234]:57153: acme/autocert: missing certificate
2022/05/02 03:56:15 http: TLS handshake error from [fe80::1234]:57181: acme/autocert: missing certificate
2022/05/02 03:56:15 http: TLS handshake error from [fe80::1234]:57182: acme/autocert: missing certificate
2022/05/02 03:56:16 http: TLS handshake error from [fe80::1234]:57184: acme/autocert: missing certificate
2022/05/02 03:56:16 http: TLS handshake error from [fe80::1234]:57185: acme/autocert: missing certificate
2022/05/02 03:56:18 http: TLS handshake error from [fe80::1234]:57186: acme/autocert: missing certificate
2022/05/02 03:56:18 http: TLS handshake error from [fe80::1234]:57187: acme/autocert: missing certificate
2022/05/02 03:56:22 http: TLS handshake error from [fe80::1234]:57188: acme/autocert: missing certificate
2022/05/02 03:56:22 http: TLS handshake error from [fe80::1234]:57189: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57190: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57191: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57192: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57194: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57193: acme/autocert: missing certificate
2022/05/02 03:56:29 http: TLS handshake error from [fe80::1234]:57195: acme/autocert: missing certificate
2022/05/02 03:56:30 http: TLS handshake error from [fe80::1234]:57196: acme/autocert: missing certificate
2022/05/02 03:56:30 http: TLS handshake error from [fe80::1234]:57197: acme/autocert: missing certificate
2022/05/02 03:56:30 http: TLS handshake error from [fe80::1234]:57198: acme/autocert: missing certificate
2022/05/02 03:56:30 http: TLS handshake error from [fe80::1234]:57199: acme/autocert: missing certificate
2022/05/02 03:56:32 http: TLS handshake error from [fe80::1234]:57201: acme/autocert: missing certificate
2022/05/02 03:56:32 http: TLS handshake error from [fe80::1234]:57202: acme/autocert: missing certificate
2022/05/02 03:56:32 http: TLS handshake error from [fe80::1234]:57203: acme/autocert: missing certificate
2022/05/02 03:56:32 http: TLS handshake error from [fe80::1234]:57204: acme/autocert: missing certificate
2022/05/02 03:56:36 http: TLS handshake error from [fe80::1234]:57216: acme/autocert: missing certificate
2022/05/02 03:56:36 http: TLS handshake error from [fe80::1234]:57217: acme/autocert: missing certificate
2022/05/02 03:56:36 http: TLS handshake error from [fe80::1234]:57218: acme/autocert: missing certificate
2022/05/02 03:56:36 http: TLS handshake error from [fe80::1234]:57221: acme/autocert: missing certificate
2022/05/02 03:56:41 http: TLS handshake error from [fe80::1234]:57234: acme/autocert: missing certificate
2022/05/02 03:56:41 http: TLS handshake error from [fe80::1234]:57235: acme/autocert: missing certificate
2022/05/02 03:56:42 http: TLS handshake error from [fe80::1234]:57236: acme/autocert: missing certificate
2022/05/02 03:56:42 http: TLS handshake error from [fe80::1234]:57237: acme/autocert: missing certificate
2022/05/02 03:56:44 http: TLS handshake error from [fe80::1234]:57238: acme/autocert: missing certificate
2022/05/02 03:56:44 http: TLS handshake error from [fe80::1234]:57239: acme/autocert: missing certificate
2022/05/02 03:56:48 http: TLS handshake error from [fe80::1234]:57240: acme/autocert: missing certificate
2022/05/02 03:56:48 http: TLS handshake error from [fe80::1234]:57241: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57336: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57244: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57329: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57478: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57247: acme/autocert: missing certificate
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57242: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: foo.example.com: see https://letsencrypt.org/docs/rate-limits/
2022/05/02 04:01:53 http: TLS handshake error from [fe80::1234]:57273: acme/autocert: missing certificate
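
The clock check requested above, as an added example (not ssl-proxy's code): a wrapper around a `tls.Config.GetCertificate` callback, the signature `autocert.Manager.GetCertificate` also has, that fails the handshake locally while the clock is before a floor date. The names `guardClock`, `getCertFunc` and `clockFloor`, and the floor value itself, are assumptions; the counter and the clock in `main` are constructed stand-ins.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"time"
)

// clockFloor is an assumed lower bound for "the clock has been set": any
// date the binary cannot legitimately run before, such as its release date.
var clockFloor = time.Date(2022, time.January, 1, 0, 0, 0, 0, time.UTC)

// errClockUnset is returned instead of starting an ACME request.
var errClockUnset = errors.New("system clock not set yet; refusing to request certificate")

type getCertFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// guardClock wraps a GetCertificate callback (hypothetical helper). While
// now() is before floor it fails the handshake locally, so no request
// leaves the machine until NTP has stepped the clock.
func guardClock(next getCertFunc, now func() time.Time, floor time.Time) getCertFunc {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if t := now(); t.Before(floor) {
			return nil, fmt.Errorf("%w (current time %s)", errClockUnset, t.UTC().Format(time.RFC3339))
		}
		return next(hello)
	}
}

func main() {
	// Constructed stand-in for autocert.Manager.GetCertificate: counts calls.
	calls := 0
	issue := func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
		calls++
		return &tls.Certificate{}, nil
	}
	// Constructed clock: starts at the epoch like the robot, then syncs.
	clock := time.Unix(9, 0)
	guarded := guardClock(issue, func() time.Time { return clock }, clockFloor)

	_, err := guarded(&tls.ClientHelloInfo{ServerName: "foo.example.com"})
	fmt.Println(err, "calls:", calls)

	clock = time.Date(2022, time.May, 2, 3, 56, 0, 0, time.UTC)
	_, err = guarded(&tls.ClientHelloInfo{ServerName: "foo.example.com"})
	fmt.Println(err, "calls:", calls)
}
```

Because the guard reads the clock on every handshake, it starts passing requests through as soon as the time sync lands, without a restart.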
