
ACME time out with Let's Encrypt

Open MetroWind opened this issue 6 months ago • 1 comments

Environment

  • ejabberd version: 25.4.0
  • Erlang version: 16.0.1
  • OS: Linux (Arch)
  • Installed from: distro package

Configuration

hosts:
  - # ...
acme:
  ## Staging environment
  ca_url: https://acme-staging-v02.api.letsencrypt.org/directory
  cert_type: ec

default_db: mnesia

loglevel: debug

listen:
  # ...
  -
    port: 5280
    module: ejabberd_http
    tls: false
    request_handlers:
      /.well-known/acme-challenge: ejabberd_acme

Errors from log

2025-06-24 14:23:23.532 [info] Requesting new certificate for <insert my domain here> from https://acme-staging-v02.api.letsencrypt.org/directory
...
2025-06-24 14:23:23.534 [debug] Creating ACME account key in /var/lib/ejabberd/acme/account.key
...
2025-06-24 14:23:23.556 [debug] ACME account key has been created successfully in /var/lib/ejabberd/acme/account.key
...
2025-06-24 14:23:23.556 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
...
2025-06-24 14:23:33.606 [debug] HTTP request timeout
2025-06-24 14:23:33.606 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
2025-06-24 14:23:43.608 [debug] HTTP request timeout
2025-06-24 14:23:43.608 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
2025-06-24 14:23:53.610 [debug] HTTP request timeout
2025-06-24 14:23:53.610 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
2025-06-24 14:24:03.611 [debug] HTTP request timeout
2025-06-24 14:24:03.611 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
2025-06-24 14:24:13.612 [debug] HTTP request timeout
2025-06-24 14:24:13.612 [debug] HTTP request: {:get, {~c"https://acme-staging-v02.api.letsencrypt.org/directory", []}}
2025-06-24 14:24:23.557 [debug] HTTP request timeout
2025-06-24 14:24:23.557 [error] Failed to request certificate for <insert my domain here>: HTTP error: etimedout
2025-06-24 14:24:23.557 [debug] Unregistering ACME challenge #Reference<0.2206195563.2400714753.192588>

Bug description

Ejabberd fails to get a certificate from Let's Encrypt. Errors are as shown above. This is weird because on the machine where ejabberd is installed, I can curl https://acme-staging-v02.api.letsencrypt.org/directory with no problem.

MetroWind, Jun 25 '25 00:06

If the calls with curl succeed, but the calls within ejabberd fail, maybe the problem is somewhere in the network configuration set up by ejabberd and/or Erlang, or somewhere in the Erlang libraries used to perform the call.

Are you still seeing this problem? If so, I could take a look at the source code and provide you with some easy-to-follow steps to check where exactly the problem is.

badlop, Sep 23 '25 09:09
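
One way to narrow down where the Erlang-side request stalls, as an added example (not code from ejabberd or from either poster): it resolves the ACME host and opens a TCP connection to port 443 over IPv4 and IPv6 separately, then repeats the GET with OTP's `httpc`. The module name `acme_probe` and the 10-second timeout are assumptions, and `public_key:cacerts_get/0` needs OTP 25 or later.

```erlang
%% acme_probe.erl -- added diagnostic, not part of ejabberd (module name is hypothetical).
%% Build with `erlc acme_probe.erl`, then in `erl` on the same host: acme_probe:run().
-module(acme_probe).
-export([run/0, run/1]).

-define(TIMEOUT, 10000).  % ms; assumption, chosen to match the 10 s retry gaps in the log

run() ->
    run("https://acme-staging-v02.api.letsencrypt.org/directory").

run(Url) ->
    #{host := Host} = uri_string:parse(Url),
    {ok, _} = application:ensure_all_started(inets),
    {ok, _} = application:ensure_all_started(ssl),
    %% Step 1: DNS lookup and raw TCP connect per address family, via Erlang's resolver.
    Tcp = [{Family, tcp(Host, Family)} || Family <- [inet, inet6]],
    %% Step 2: the same GET through httpc. This approximates, but is not
    %% identical to, the request ejabberd's ACME client sends.
    [{tcp, Tcp}, {http, http(Url)}].

tcp(Host, Family) ->
    case inet:getaddr(Host, Family) of
        {ok, Addr} ->
            T0 = erlang:monotonic_time(millisecond),
            Opts = [Family, binary, {active, false}],
            Res = case gen_tcp:connect(Addr, 443, Opts, ?TIMEOUT) of
                      {ok, Sock} -> gen_tcp:close(Sock), connected;
                      {error, Reason} -> {connect_failed, Reason}
                  end,
            {Addr, Res, erlang:monotonic_time(millisecond) - T0};
        {error, Reason} ->
            {resolve_failed, Reason}
    end.

http(Url) ->
    %% Verify the server certificate against the OS trust store.
    Match = public_key:pkix_verify_hostname_match_fun(https),
    SslOpts = [{verify, verify_peer},
               {cacerts, public_key:cacerts_get()},
               {customize_hostname_check, [{match_fun, Match}]}],
    HttpOpts = [{timeout, ?TIMEOUT}, {connect_timeout, ?TIMEOUT}, {ssl, SslOpts}],
    case httpc:request(get, {Url, []}, HttpOpts, [{body_format, binary}]) of
        {ok, {{_Vsn, Status, _Phrase}, _Hdrs, Body}} -> {ok, Status, byte_size(Body)};
        {error, Reason} -> {error, Reason}
    end.
```

If one address family resolves but reports `{connect_failed, timeout}` while the other connects, the stall is in routing or filtering for that family on the host rather than in ejabberd. If both families connect and only the `http` step fails, the TLS or HTTP layer in the Erlang libraries is the next place to look.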