  • Lets Encrypt failure - email said to contact support team

Is this the support team? If so, I got the following email after trying to set up a certificate:

Lets Encrypt failed to generate a certificate for your site: portfolio-api.
Please contact our Support Team so we can investigate.

My user account is willbeaufoy, and the certificate was for the subdomain:

api.portfoliotracker.willbeaufoy.opalstacked.com

Is the reason for the failure that I am using a subdomain of opalstacked rather than my own one?

It looks like we're hitting a rate limit on the Let's Encrypt service. We're in the process of applying for a higher limit to avoid this problem in the future. I'll follow up here when we've got that resolved. Sorry for the trouble!

Do you have any estimation of when this will be working again? I want to migrate my sites from webfaction but would like this to be working before I do.

  • sean replied to this.

    sofr None yet, we've requested the rate limit increase from LE and are awaiting their reply.

    8 days later

    Are you sure that's the problem?
    I got my certificate for a static nginx app, but can't get it for a django app.

    Thanks.

    • sean replied to this.

      sermodi app type shouldn't matter, we do the HTTP verification config upstream in our front-end Nginx.

      Please email our support address to let us know the domain and site that aren't working and we'll look into it as soon as we can.

      Thanks for all your amazing efforts on-boarding WF folks! After a lot of smooth sailing, I'm now getting these LE errors across the board for all new site routes. Any updates on this?

      • sean replied to this.

        agdelma Sorry about this, it seems we've hit our increased rate limit already. We'll do what we can to get that resolved ASAP.

        Lets Encrypt failed to generate a certificate
        I am having this problem too and I'm in the middle of a migration; it is urgent.
        Thanks

        We've updated the preferred method for Let's Encrypt to work and extended the timeout window since we were seeing some early timeouts. Hopefully this will increase the likelihood of getting a certificate the first run.

        Just tested again and get the same error: Lets Encrypt failed to generate a certificate for your site: ... Please contact our Support Team so we can investigate.

        Can you send in a support ticket and the site name so we can look into it further?

        There are some legitimate ways that Let's Encrypt can fail. Sometimes DNS propagation takes a lot of time to happen completely, and in the meantime our system sees the old server instead of the new one.

        5 days later

        I've got a lot of temporary/testing subdomains [myapp].[myaccount].opalstacked.com --- without my own domain (yet). I need/want to use HTTPS on them (some already contain real userdata, and logins are used etc), but this needlessly creates new Let's Encrypt certificates as there's already one for opalstacked.com.

        Indeed I now get messages "Lets Encrypt was disabled for site [mysitename] and switched to the shared certificate because it contains only opalstacked.com domains." However visiting those sub-subdomains gives me SSL_ERROR_BAD_CERT_DOMAIN on each one as it says "only valid for the following names: *.opalstacked.com, opalstacked.com"? Is ..opalstacked.com not included?

        Because my "personal" LEs are for specific sub-subdomains so don't work interchangeably, and I expect it will not help to create one subdomain [myaccount].opalstacked.com for an LE cert because for that one the shared certificate would definitely work.

        Or am I overlooking something obvious?

        • sean replied to this.

          MrMartian we just rolled out that change last night and new documentation is coming soon.

          tl;dr: providing LE for every possible subdomain of opalstacked.com is unscalable due to LE rate limits so we've decided to use a shared wildcard cert that covers *.opalstacked.com only, multi-level subdomains are not covered.

          Will cover this in more detail in our official docs as soon as possible.

            I've just swapped over my nameservers to opalstack and tried to generate a certificate, it failed. I've emailed support but not sure if anyone will be online over the weekend? Am I better off just switching the nameservers back to webfaction for now?

            • sean replied to this.

              ssf we're always around 🙂

              If you just switched your NS over then LE will probably fail because the NS changes are still propagating. It's usually best to wait at least an hour after you switch your NS.

              I just switched over to Opalstack and set up a Let's Encrypt certificate no problem. Certificate was created in 2-3 minutes after enabling the option in the admin. Awesome work!

              a month later

              sean But with the shared certificate we get the message "connection not secure" for our sites. And that is not good in many contexts. Will we get any solution to this problem in the future?

              • sean replied to this.