DNS malformed - JWS verification error

wazer · September 24, 2024, 6:55pm

1. The problem I’m having:

All of sudden, website stopped working, no contact.

I figured out it was DNS issue, I by accident deleted logs since I was trying a lot of things, being frustrated.

I also deleted the entire caddy folder in here
C:\Windows\System32\config\systemprofile\AppData\Roaming\

I created a new API key via cloudflare
I was now met with this malformed - JWS verification error

Went to zerossl dashboard

I tried to revoke certificate and being met with this error

We are unable to revoke this certificate. If this is a certificate issued via ACME
please [refer to this article]
(https://help.zerossl.com/hc/en-us/articles/900005244486-Revoking-Certificates-Issued-via-ACME) on how to revoke ACME certificates

I tried downloading certbot and following the guide in windows but eventually gave up since there’s no pem file available anywhere.

So I created a whole new zerossl account, thinking that I could just leave it to rot until certs would expire, but same thing applies with JWS verification error

2. Error messages and/or full log output:

{"level":"info","ts":1727202590.3238242,"msg":"using adjacent Caddyfile"}
{"level":"info","ts":1727202590.3353674,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1727202590.3353674,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"Caddyfile","line":96}
{"level":"info","ts":1727202590.3463721,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1727202590.3474636,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0008a4280"}
{"level":"info","ts":1727202590.3474636,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1727202590.3474636,"logger":"http.auto_https","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"info","ts":1727202590.3540092,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1727202590.3540092,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1727202590.3540092,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["domain.com"]}
{"level":"info","ts":1727202590.3559692,"msg":"autosaved config (load with --resume flag)","file":"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy\\autosave.json"}
{"level":"info","ts":1727202590.3559692,"msg":"serving initial configuration"}
{"level":"info","ts":1727202590.35647,"logger":"tls.obtain","msg":"acquiring lock","identifier":"domain.com"}
{"level":"info","ts":1727202590.3594813,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy","instance":"4f0ed689-6909-465e-84e7-ed7b602f2ffb","try_again":1727288990.3594813,"try_again_in":86400}
{"level":"info","ts":1727202590.3594813,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1727202590.3619993,"logger":"tls.obtain","msg":"lock acquired","identifier":"domain.com"}
{"level":"info","ts":1727202590.3619993,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain.com"}
{"level":"info","ts":1727202590.362998,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mail.com"}
{"level":"info","ts":1727202590.362998,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mail.com"}
{"level":"info","ts":1727202590.362998,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1mask","account_contact":["mailto:mask@mail.com"]}
{"level":"info","ts":1727202591.39921,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.com","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727202714.6324651,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/1mask/3mask) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727202714.6329687,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mail.com"}
{"level":"info","ts":1727202714.6329687,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mail.com"}
{"level":"info","ts":1727202714.6329687,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/Omask","account_contact":["mailto:mask@mail.com"]}
{"level":"info","ts":1727202715.729504,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727202838.6968791,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/N9mask) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727202838.6968791,"logger":"tls.obtain","msg":"will retry","error":"[domain.com] Obtain: [domain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/N9mask) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":248.3348798,"max_duration":2592000}
{"level":"info","ts":1727202898.6969163,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain.com"}
{"level":"info","ts":1727202898.69742,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/1mask","account_contact":["mailto:mask@mail.com"]}
{"level":"error","ts":1727202899.4769127,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}
{"level":"info","ts":1727202899.4770374,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/Omask","account_contact":["mailto:mask@mail.com"]}
{"level":"info","ts":1727202900.345578,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}

3. Caddy version:

v2.8.5-0.20240921034718-ff67b971267a h1:fc5YCe52upxmavg0zuPWNUSL4ZcAPTsX1BO+R8j948Q=

4. How I installed and ran Caddy:

I use xcaddy to build latest Master

Version

v0.4.2 h1:N+W2glljYrfHO4mTnpDhUnNzobeQE46OfPXfiPbO3dY=

xcaddy paramter

xcaddy build master --with github.com/caddy-dns/cloudflare --with github.com/caddyserver/transform-encoder --with github.com/WeidiDeng/caddy-cloudflare-ip --with github.com/porech/caddy-maxmind-geolocation

a. System environment:

Windows 11 x64

b. Command:

caddy run

d. My complete Caddy config:

{
	auto_https disable_redirects
	http_port 80
	https_port 443
	servers {
		trusted_proxies cloudflare
		client_ip_headers CF-Connecting-IP
	}
}

(dnsauth_n_log_n_cloudflare) {
	tls mask@mail.com {
		dns cloudflare mask
		resolvers 8.8.8.8 8.8.4.4
	}
	log {
		hostnames {args[0]}
		output file C:/stuff/caddy/logs/{args[0]}.log

		format transform "[{ts}] - User={user_id} - X-Forwarded-For={request>headers>X-Forwarded-For} - client_ip={request>client_ip} Country={request>headers>Cf-Ipcountry} {request>method} {request>headers>X-Forwarded-Proto} {request>host} {request>uri} {request>headers>Referer>[0]} {request>headers>User-Agent>[0]} - {request>proto} {status} {size} -" {
			#{request>headers} <--- add this if you want full log
			time_format "02-01-2006 15:04:05.000"
			time_local
		}
	}
}

domain.com {
	header X-Real-IP {http.request.header.CF-Connecting-IP}
	header X-Forwarded-For {http.request.header.CF-Connecting-IP}
	header X-Forwarded-Host {http.request.hostport}
	import dnsauth_n_log_n_cloudflare domain.com
	root * C:\stuff\caddy\@file_server\root\domain.com
	file_server
}

I’m only a windows user, how can I proceed from here?

Whitestrake · September 24, 2024, 11:39pm

Looks like ZeroSSL failed because of a DNS propagation timeout:

{"level":"error","ts":1727202838.6968791,"logger":"tls.obtain","msg":"will retry","error":"[domain.com] Obtain: [domain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/N9mask) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":248.3348798,"max_duration":2592000}

Caddy retried with LetsEncrypt and that part had a JWS verification error.

{"level":"info","ts":1727202898.69742,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/1mask","account_contact":["mailto:mask@mail.com"]}
{"level":"error","ts":1727202899.4769127,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:malformed - JWS verification error"}

Then it goes back to trying ZeroSSL before the logs cut off:

{"level":"info","ts":1727202899.4770374,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/Omask","account_contact":["mailto:mask@mail.com"]}
{"level":"info","ts":1727202900.345578,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}

So it seems like ZeroSSL is fine (maybe?), it’s just having issues waiting for DNS propagation, and the LetsEncrypt account is borked.

You can delete just the local ACME account for LetsEncrypt specifically, they’re fairly throwaway and easy to regenerate. Inside %AppData%\Caddy\acme there should be a directory named acme-v02.api.letsencrypt.org-directory - that’s the one to delete. Then start Caddy back up again.

I understand that fix: use a tempfile to write files in filestorage. by elee1766 · Pull Request #300 · caddyserver/certmagic · GitHub is expected to mitigate this issue in future.

wazer · September 25, 2024, 12:56am

Thanks for the reply…

I have been working a bit so here’s a small resume of fixing some and hopefully all the problems for now for me.

The first problem DNS malformed - JWS verification error, would only show in the logs when I was running tls with a different e-mail than the one I had used previous to generate the certificates, I changed because I wanted to see if that could solved the delay/wait time for generating new cert, and forgot about it again.

I also recovered the folders and only deleted the acme folder, and vice versa, it would not work at all, however…

I found a way to revoke all those messed up certificates, Does caddy has such feature implemented that could fix this automatic ?
if yes, it did not work in my case…

Either way it would be cool that if there would be an option to do something like this

caddy --revoke-cert

if no path or domain has been written added after–revoke-cert… Then read if any *.crt & *.key can be found in one of the the caddy Roaming\caddy folder’s and then list them so the user could do something like

example:
caddy --revoke-cert domain1.com
caddy --revoke-cert test.domain2.com

and it would simply revoke the cert.

Anyways, what I had to do to fix these issues for me.

Find all your certificates, they either in one of those folders.

If caddy is ran as Admin
%windir%\System32\config\systemprofile\AppData\Roaming\Caddy

If caddy is ran as normal user
%AppData%\Caddy

So we cannot automatic assume that the default path in windows is %AppData%\Caddy\acme each time, that I have learn.

Perhaps we can have it made it default for both Admin and User in %AppData%\Caddy under windows?

For now what I did to remove 8 certificates I used this tool for windows made by CertBot

https://github.com/certbot/certbot/releases/download/v2.9.0/certbot-beta-installer-win_amd64_signed .exe (remove space between signed and .exe)

It’s the latest and properly the last version being produced for windows, as I understood…

So I would enter the path for my profiles, in my case as admin this folder

%windir%\System32\config\systemprofile\AppData\Roaming\Caddy

I would then find the folders

-certificates
--acme.zerossl.com-v2-dv90
---domain

Open cmd as admin and run this command line, remember to navigate to your Roaming\Caddy\certificates\acme.zerossl.com-v2-dv90\domain path in cmd.exe

certbot revoke --server https://acme.zerossl.com/v2/DV90 --cert-path domain.crt --key-path domain.key

It will ask if you want to revocate the certificate and following question after if you want to delete it.

For one liner if you already know your domain paths, this could be done faster like this for each domain and caddy is ran as admin

certbot revoke --server https://acme.zerossl.com/v2/DV90 --cert-path %windir%\System32\config\systemprofile\AppData\Roaming\Caddy\certificates\acme.zerossl.com-v2-dv90\domain.crt --key-path %windir%\System32\config\systemprofile\AppData\Roaming\Caddy\certificates\acme.zerossl.com-v2-dv90\domain.key

For normal user run, it would be like this

certbot revoke --server https://acme.zerossl.com/v2/DV90 --cert-path %AppData%\Caddy\certificates\acme.zerossl.com-v2-dv90\domain.crt --key-path %AppData%\Caddy\certificates\acme.zerossl.com-v2-dv90\domain.key

I have now successful removed all borked certificates, and will see if I can get some new one generated.

I’m being met with a lot of, but that has always been the case ever since i remember, eventually it will be fixed by it self?

solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error:

I think I got it all covered, now I just have to wait and see if it works now.

Whitestrake · September 25, 2024, 1:07am

I’m not sure I understand the requirement for revocation. As far as I’m aware, the issue is with the ACME account, not with any certificate, and as far as I know there’s no reason you couldn’t have kept using those existing certs until they expired. Was there some kind of specific issue with the certs? Or was it just the JWS verification error that prompted you to want to revoke all the certs? Revocation is usually only needed when certificates are compromised, for example if they were stolen by malicious actors and misused. If you’re still in full control of them you can just delete them, it’s not really a problem.

It already is; the location of %AppData% itself depends on your user profile location.

For some user Foo it would be C:\Users\Foo. For the LocalSystem user it would be C:\Windows\System32\config\systemprofile.

%AppData% resolves to the AppData\Roaming folder within the user profile folder.

It would be nonsensical to try to put the Caddy config for the LocalSystem user in your own personal user profile AppData.

wazer · September 25, 2024, 1:43am

I’m not sure I understand the requirement for revocation. As far as I’m aware, the issue is with the ACME account, not with any certificate, and as far as I know there’s no reason you couldn’t have kept using those existing certs until they expired. Was there some kind of specific issue with the certs? Or was it just the JWS verification error that prompted you to want to revoke all the certs? Revocation is usually only needed when certificates are compromised, for example if they were stolen by malicious actors and misused. If you’re still in full control of them you can just delete them, it’s not really a problem.

Yeah my sites was not reachable all of sudden, in the middle of the night it had all stopped working

I had 3 certicates of the same name domain path found under Log In - ZeroSSL so I figured it was because of some kind of a limit or something.

I had deleted the entire caddy folder, ran for a couple of hours and nothing happen, then recovered the caddy folder and only deleted the acme folder, and still nothing happen

It already is; the location of %AppData% itself depends on your user profile location.

Perhaps the issue can be found in the WinSW config file then? I use it to keep caddy automatic running, I see its running as username LocalSystem, I thought I had double checked when running as admin and normal user about the caddy roaming placement… Nice to know.

My WinSW GitHub - winsw/winsw: A wrapper executable that can run any executable as a Windows service, in a permissive license.

<service>
  <id>Caddy</id>
  <!-- Display name of the service -->
  <name>Caddy Web Server (WinSW)</name>
  <!-- Service description -->
  <description>Caddy Web Server (https://caddyserver.com/)</description>
  <executable>%BASE%\caddy.exe</executable>
  <arguments>run</arguments>
  <startmode>Automatic</startmode>
  <log mode="roll-by-size">
	<sizeThreshold>10240</sizeThreshold>
	<keepFiles>8</keepFiles>
  </log>  
  <onfailure action="restart" delay="5 sec"/>
  <serviceaccount>
	<allowservicelogon>true</allowservicelogon>
	<username>LocalSystem</username>
  </serviceaccount>
</service>

Nonetheless that must be the reason for it being generated in there then

Now I’m really curious to when it will start working because right now it seems to just start all over all the time?

{"level":"info","ts":1727222374.6449864,"msg":"using adjacent Caddyfile"}
{"level":"info","ts":1727222374.6729887,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1727222374.6729887,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"Caddyfile","line":97}
{"level":"info","ts":1727222374.6991303,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1727222374.7001293,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00089f380"}
{"level":"info","ts":1727222374.7006295,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1727222374.7006295,"logger":"http.auto_https","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"info","ts":1727222374.714203,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1727222374.7147036,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1727222374.7147036,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["domain3.com","domain1.com","domain2.com"]}
{"level":"info","ts":1727222374.7207038,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy"}
{"level":"info","ts":1727222374.7207038,"logger":"tls.obtain","msg":"acquiring lock","identifier":"domain1.com"}
{"level":"info","ts":1727222374.7212038,"logger":"tls.obtain","msg":"acquiring lock","identifier":"domain2.com"}
{"level":"info","ts":1727222374.7217038,"logger":"tls.obtain","msg":"acquiring lock","identifier":"domain3.com"}
{"level":"info","ts":1727222374.7252033,"logger":"tls.obtain","msg":"lock acquired","identifier":"domain1.com"}
{"level":"info","ts":1727222374.7257037,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727222374.7262034,"logger":"tls.obtain","msg":"lock acquired","identifier":"domain2.com"}
{"level":"info","ts":1727222374.7262034,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727222374.7262034,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1727222374.7267034,"logger":"tls.obtain","msg":"lock acquired","identifier":"domain3.com"}
{"level":"info","ts":1727222374.7272036,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727222374.7832954,"msg":"autosaved config (load with --resume flag)","file":"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Caddy\\autosave.json"}
{"level":"info","ts":1727222374.7832954,"msg":"serving initial configuration"}
{"level":"info","ts":1727222375.5708907,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain3.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5708907,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain3.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5708907,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1965282386","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222375.5713902,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain1.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5713902,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain1.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5713902,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1965282376","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222375.5718906,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain2.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5718906,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain2.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mask@mask.com"}
{"level":"info","ts":1727222375.5718906,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1965282396","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222375.9270563,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727222375.9270563,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727222375.9568162,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727222498.5843859,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/1965282376/308065909306) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1727222498.6247606,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/1965282386/308065909186) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1727222498.6551933,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/1965282396/308065909156) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727222501.4523177,"logger":"http","msg":"generated EAB credentials","key_id":"iiyuyK6qK2zoUCv87Cemvg"}
{"level":"info","ts":1727222532.328201,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain1.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222532.328201,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain1.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222532.328201,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/iiyuyK6qK2zoUCv87Cemvg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222533.1467807,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain2.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222533.1467807,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain2.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222533.1467807,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/OkRrUhfNY436gUXSVmlH-w","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222547.1244857,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["domain3.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222547.1244857,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["domain3.com"],"ca":"https://acme.zerossl.com/v2/DV90","account":"mask@mask.com"}
{"level":"info","ts":1727222547.1244857,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222547.7055519,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727222548.3375914,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727222557.0993161,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727222670.5479076,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/kueQUwwU2x3u2-ZtoxRxXg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222670.5479076,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/kueQUwwU2x3u2-ZtoxRxXg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":295.8217042,"max_duration":2592000}
{"level":"error","ts":1727222674.6130354,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/AsOf7Db2-litEh9AFuNRlg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222674.6130354,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/AsOf7Db2-litEh9AFuNRlg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":299.8878322,"max_duration":2592000}
{"level":"error","ts":1727222679.442052,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/20xqDnAy8jpRPOUj3BhMBw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222679.442052,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/20xqDnAy8jpRPOUj3BhMBw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":304.7153484,"max_duration":2592000}
{"level":"info","ts":1727222730.5487068,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727222731.3543,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222731.696707,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727222734.613997,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727222734.6144984,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222735.1129892,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727222739.442969,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727222739.443751,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222739.9341335,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727222853.5324013,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360315283) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727222853.5329514,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"error","ts":1727222856.6971421,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360316543) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727222856.697429,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222857.0508964,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727222860.5232902,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727222861.5129077,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360318093) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727222861.5134063,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727222866.5619643,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727222979.3976092,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/rbWQV59RXeZe0i9LN22uaA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222979.3976092,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/rbWQV59RXeZe0i9LN22uaA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":604.6714057,"max_duration":2592000}
{"level":"error","ts":1727222982.4283264,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/Bmjs7r0CFCFrHkWsZobccQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222982.4283264,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/Bmjs7r0CFCFrHkWsZobccQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":607.7031233,"max_duration":2592000}
{"level":"error","ts":1727222988.751968,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/iwc8BIjkV0bgRHbaJAJgTA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727222988.751968,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/iwc8BIjkV0bgRHbaJAJgTA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":614.0252645,"max_duration":2592000}
{"level":"info","ts":1727223099.3979542,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727223099.3989637,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223099.9025571,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727223102.4286265,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727223102.4295459,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223102.9243662,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727223108.7524946,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727223108.7534986,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223109.2577946,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727223221.6282978,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360427773) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223221.6287975,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223222.6658149,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223224.5497177,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360428443) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223224.5500124,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223225.5509114,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223230.744802,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360429833) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223230.7452,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223231.8273263,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223345.4568634,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/zw-jNAXvWFpbxa1ollprEw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223345.4568634,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/zw-jNAXvWFpbxa1ollprEw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":970.7306601,"max_duration":2592000}
{"level":"error","ts":1727223347.4638288,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/znf5QFwnjARd0Hbdnd2MBw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223347.4639518,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/znf5QFwnjARd0Hbdnd2MBw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":972.7387488,"max_duration":2592000}
{"level":"error","ts":1727223354.4161258,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/bOC2m_fbSKDPac_Mjpk4Dw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223354.4161258,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/bOC2m_fbSKDPac_Mjpk4Dw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_in":120,"elapsed":979.6894222,"max_duration":2592000}
{"level":"info","ts":1727223465.457174,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727223465.45819,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223465.9565046,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727223467.4644573,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727223467.4652627,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223467.9715078,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727223474.4161618,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727223474.4171963,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223474.9212782,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727223587.662082,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360518393) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223587.66268,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223589.2762053,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223589.5518737,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360518683) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223589.552384,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223592.0488758,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223596.4390004,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360520243) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727223596.4395049,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727223597.4825616,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727223711.24005,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/-dJdPlcNyttkPCX36WTmqQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223711.24005,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/-dJdPlcNyttkPCX36WTmqQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1336.5138468,"max_duration":2592000}
{"level":"error","ts":1727223714.2005243,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/GigIj1dO1ix8fDO53KQcKw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223714.2005243,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/GigIj1dO1ix8fDO53KQcKw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1339.4753211,"max_duration":2592000}
{"level":"error","ts":1727223719.768359,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/T5m-CLlzYtynbIdoQCW_8A) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727223719.7684882,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/T5m-CLlzYtynbIdoQCW_8A) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":1345.0417849,"max_duration":2592000}
{"level":"info","ts":1727224011.2405827,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727224011.2414935,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224012.0780804,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727224014.2008257,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727224014.2017338,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224014.6982644,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727224019.7694516,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727224019.7699506,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224020.2771482,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727224133.8395777,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360648703) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224133.8403857,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"error","ts":1727224136.236634,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360649333) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224136.2370455,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224137.1999888,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727224138.003108,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727224141.8190262,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360650653) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224141.8190262,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224142.7280393,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727224260.0986445,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/nRsrncmQgRrozSmNLXIxAw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727224260.0988123,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/nRsrncmQgRrozSmNLXIxAw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":1885.3726091,"max_duration":2592000}
{"level":"error","ts":1727224260.8663146,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/cG_t1CGm6BOzDog4C9ku5w) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727224260.8663146,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/cG_t1CGm6BOzDog4C9ku5w) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":1886.1411115,"max_duration":2592000}
{"level":"error","ts":1727224264.694799,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/KtdFuB_ruht5uvSUuq6xKQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727224264.694799,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/KtdFuB_ruht5uvSUuq6xKQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":1889.9680954,"max_duration":2592000}
{"level":"info","ts":1727224860.0992823,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727224860.1006956,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224860.8667264,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727224860.8676603,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224860.98974,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727224861.4052944,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727224864.695381,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727224864.6963212,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224865.229438,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727224982.7466075,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360861553) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224982.747109,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"error","ts":1727224983.0295854,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360861673) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224983.0300052,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224983.8041039,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727224983.9871933,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727224986.7765534,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19360863333) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727224986.7769592,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727224988.012516,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727225107.2257752,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/V9s_lQJVvU5cDwpd1DVcYg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225107.2257752,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/V9s_lQJVvU5cDwpd1DVcYg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":600,"elapsed":2732.5005721,"max_duration":2592000}
{"level":"error","ts":1727225107.6170971,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/FA3tz8vyJ3cOE18Jd25SIg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225107.6170971,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/FA3tz8vyJ3cOE18Jd25SIg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":600,"elapsed":2732.8908939,"max_duration":2592000}
{"level":"error","ts":1727225110.756704,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/s9A0EK15NU_u8vR9aUjbiw) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225110.763438,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/s9A0EK15NU_u8vR9aUjbiw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":6,"retrying_in":600,"elapsed":2736.0367347,"max_duration":2592000}
{"level":"info","ts":1727225707.22614,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain1.com"}
{"level":"info","ts":1727225707.2275374,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727225707.6177945,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain2.com"}
{"level":"info","ts":1727225707.6187375,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727225708.0300844,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727225708.1095934,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1727225710.7640471,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"domain3.com"}
{"level":"info","ts":1727225710.765039,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/164566493","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727225711.2456315,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1727225829.763979,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19361074683) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727225829.76529,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"error","ts":1727225829.7770884,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19361074693) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727225829.7771847,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727225830.9000244,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain2.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1727225830.9098482,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain1.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727225832.855585,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/164566493/19361075313) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1727225832.8560834,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/U0_er_lSyPHdHkRD-y36Hg","account_contact":["mailto:mask@mask.com"]}
{"level":"info","ts":1727225833.815477,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"domain3.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1727225953.2277339,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain2.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/vlUYlkqdb8WLzkd9hJw8wg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225953.2277339,"logger":"tls.obtain","msg":"will retry","error":"[domain2.com] Obtain: [domain2.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/vlUYlkqdb8WLzkd9hJw8wg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":600,"elapsed":3578.5015304,"max_duration":2592000}
{"level":"error","ts":1727225953.25141,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain1.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/cBGoVRfPO0c5EOldH5SpBg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225953.25141,"logger":"tls.obtain","msg":"will retry","error":"[domain1.com] Obtain: [domain1.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/cBGoVRfPO0c5EOldH5SpBg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":600,"elapsed":3578.5262068,"max_duration":2592000}
{"level":"error","ts":1727225956.255876,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"domain3.com","issuer":"acme.zerossl.com-v2-DV90","error":"[domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/l2Z7ZZKpjG1J27z96OnSrA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1727225956.255876,"logger":"tls.obtain","msg":"will retry","error":"[domain3.com] Obtain: [domain3.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme.zerossl.com/v2/DV90/order/l2Z7ZZKpjG1J27z96OnSrA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":7,"retrying_in":600,"elapsed":3581.5291728,"max_duration":2592000}

Whitestrake · September 25, 2024, 5:23am

This error indicates that Caddy tried to update the TXT record through the API and then waited to check if it could query that record through public DNS yet. It waits and checks first to make sure it doesn’t “pull the trigger” on the ACME validation prematurely, before DNS changes have had a chance to propagate from the API to the public resolvers.

This is kind of curious because you’ve paired dns cloudflare with resolvers 8.8.8.8 8.8.4.4. Which is to say, this isn’t an issue with local DNS resolver caching; it seems like an issue with Google’s DNS not reflecting Cloudflare DNS changes fast enough for the timeout.

What happens if you try resolvers 1.1.1.1 1.0.0.1 ? (Those are Cloudflare’s public DNS servers, which should SURELY update the fastest since you’re using Cloudflare as your DNS provider.)

francislavoie · September 25, 2024, 8:36am

These lines don’t make sense, you’re reflecting those headers back to the client. header sets response headers, but those are request headers. Either way, Caddy already handles proxy headers properly for you since you have trusted_proxies set up. Just remove this.

wazer · September 25, 2024, 3:21pm

I have learned that it has been an issue with the provider I use.

It has now been fixed.

Thanks for the tip about resolvers.

Tho the Idea of being able to revoke certificate, I thought was a nice Idea, since we cannot easyli do it via zerossl dashboard without using thirdparty services.

wazer · September 25, 2024, 3:22pm

Thanks I have removed the headers

Again both of you top quality helpers and posts.

francislavoie · September 25, 2024, 6:57pm

There’s no reason to revoke unless you leaked the private keys and think some bad actor could be using them to impersonate your server. If you just stop using it, no need at all to revoke.

system · October 25, 2024, 6:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.