gitlab-letsencrypt

Configurable retry time or shorten time

Open iBobik opened this issue 5 years ago • 2 comments

The build process can take some time, so the challenge file can be invalid when published:

$ gitlab-le --token xxxxxx --path /acme-challenge --jekyll --email [email protected] --production --repository https://gitlab.com/xxx/xxx --domain www.xxx.xx
By using Let's Encrypt, you are agreeing to the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Uploaded challenge file, polling until it is available at http://www.xxx.xx/.well-known/acme-challenge/xxx
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 1m...
Could not find challenge file. Retrying in 2m...
TODO: modules which depend on this module should expose this error properly but since some of them don't, I expose it here directly:
Error: [Error] letiny-core: not 200 ok
    at bodyToError (/usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/get-certificate.js:55:15)
    at /usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/get-certificate.js:135:22
    at Request._callback (/usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/acme-client.js:113:7)
    at Request.self.callback (/usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/request/request.js:188:22)
    at Request.emit (events.js:188:13)
    at Request.<anonymous> (/usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/request/request.js:1171:10)
    at Request.emit (events.js:188:13)
    at IncomingMessage.<anonymous> (/usr/local/lib/node_modules/gitlab-letsencrypt/node_modules/request/request.js:1091:12)
    at Object.onceWrapper (events.js:276:13)
    at IncomingMessage.emit (events.js:193:15)
    at endReadableNT (_stream_readable.js:1129:12)
    at process.internalTickCallback (internal/process/next_tick.js:72:19)
{ type: 'urn:acme:error:badNonce',
  detail:
   'JWS has invalid anti-replay nonce xxx',
  status: 400 }
JWS has invalid anti-replay nonce xxx

We cannot make GitLab CI run faster, but it is possible to decrease the probability of failure by shortening the retry time. It should not be a problem to always retry after 30 seconds, because that retry is free.

iBobik, May 01 '19 18:05

I'm also hit by this. I tried to remove the "double factor", but this didn't solve it either:

Uploaded challenge file, polling until it is available at http://www.xxx.xx/.well-known/acme-challenge/xxx
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 30s...
Could not find challenge file. Retrying in 30s...
TODO: modules which depend on this module should expose this error properly but since some of them don't, I expose it here directly:
Error: [Error] letiny-core: not 200 ok
    at bodyToError (/home/andrea/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/get-certificate.js:55:15)
    at /home/andrea/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/get-certificate.js:135:22
    at Request._callback (/home/andrea/node_modules/gitlab-letsencrypt/node_modules/le-acme-core/lib/acme-client.js:113:7)
    at Request.self.callback (/home/andrea/node_modules/request/request.js:188:22)
    at Request.emit (events.js:193:13)
    at Request.<anonymous> (/home/andrea/node_modules/request/request.js:1171:10)
    at Request.emit (events.js:193:13)
    at IncomingMessage.<anonymous> (/home/andrea/node_modules/request/request.js:1091:12)
    at Object.onceWrapper (events.js:281:20)
    at IncomingMessage.emit (events.js:198:15)
    at endReadableNT (_stream_readable.js:1139:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:17)
{ type: 'urn:acme:error:badNonce',
  detail:
   'JWS has invalid anti-replay nonce xxx',
  status: 400 }
JWS has invalid anti-replay nonce xxx

ilpianista, May 02 '19 08:05

For me, removing the double factor and disabling tests in CI solved it. And it probably helped to do it at night, when GitLab's shared runners are idle. :-)

It seems the final solution will be there: https://gitlab.com/gitlab-org/gitlab-ce/issues/28996

iBobik, May 02 '19 13:05
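Added example, not part of the thread and not gitlab-letsencrypt's own code: configurable polling for the challenge file as the issue requests, followed by an ACME request that fetches its anti-replay nonce only after the wait and retries on `badNonce` with the nonce the server returns (the client behaviour RFC 8555 describes). That the logged `badNonce` comes from a nonce obtained before the long wait is an assumption; `retrySchedule`, `pollChallenge`, `sendWithFreshNonce` and their parameters are hypothetical names, with network access and sleeping injected by the caller.

```javascript
// Added example: hypothetical helpers, not gitlab-letsencrypt's own code.

// Delays (ms) between polls. factor 1 gives a fixed interval, factor 2 the
// doubling seen in the first log. Stops once budgetMs would be exceeded.
function retrySchedule({ initialMs = 30000, factor = 2, maxDelayMs = 120000, budgetMs = 600000 } = {}) {
  if (!(initialMs > 0) || !(factor >= 1)) {
    throw new RangeError('initialMs must be > 0 and factor >= 1');
  }
  const delays = [];
  let delay = initialMs;
  let spent = 0;
  while (spent + delay <= budgetMs) {
    delays.push(delay);
    spent += delay;
    delay = Math.min(delay * factor, maxDelayMs);
  }
  return delays;
}

// Poll until the published body equals the expected challenge content.
// fetchBody() resolves to the body string, or null when the file is missing.
// Exact match: a stale file from an earlier run or a 404 page served with
// status 200 must not count as "published".
async function pollChallenge({ fetchBody, expected, sleep, schedule }) {
  let attempts = 0;
  for (const delay of [0, ...schedule]) {
    if (delay > 0) await sleep(delay);
    attempts += 1;
    const body = await fetchBody();
    if (typeof body === 'string' && body.trim() === expected) return { found: true, attempts };
  }
  return { found: false, attempts };
}

// Send a signed ACME request with a nonce fetched right before sending, and
// retry with the nonce from the error response if the server answers badNonce.
// getNonce() and send(nonce) are injected (assumed shapes); send resolves to
// { status, body, replayNonce }.
async function sendWithFreshNonce({ getNonce, send, maxRetries = 2 }) {
  let nonce = await getNonce();
  for (let attempt = 0; ; attempt += 1) {
    const res = await send(nonce);
    const badNonce = res.status === 400 && /:badNonce$/.test((res.body && res.body.type) || '');
    if (!badNonce || attempt >= maxRetries || !res.replayNonce) return res;
    nonce = res.replayNonce;
  }
}
```

Call `pollChallenge` first and `sendWithFreshNonce` only once it reports `found: true`, so no nonce is held across the wait for the CI build.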