[GH-ISSUE #876] zerossl申请证书，网络通畅，但是一直显示超时 #597

New issue

Closed

opened 2026-03-03 01:04:34 +03:00 by kerem · 6 comments

kerem commented 2026-03-03 01:04:34 +03:00

Owner

Copy link

Originally created by @KeithXZhai on GitHub (Jul 16, 2025).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/876

软件版本 / Release Version

0.3.23

问题描述 / Description

通过ZeroSSL+CF申请证书，已配置好了EAB，CF配置如下：

一直报错如下（已抹去隐私内容）：

error: one or more domains had a problem: [*.xxxx.xxx] Post "https://acme.zerossl.com/v2/DV90/authz/xxxxxxxxxxxx": net/http: timeout awaiting response headers

已经确认该服务器可以正常访问https://acme.zerossl.com/v2/DV90/，curl返回值正常：

其他 / Miscellaneous

No response

Originally created by @KeithXZhai on GitHub (Jul 16, 2025). Original GitHub issue: https://github.com/certimate-go/certimate/issues/876 ### 软件版本 / Release Version 0.3.23 ### 问题描述 / Description 通过ZeroSSL+CF申请证书，已配置好了EAB，CF配置如下： <img width="1474" height="873" alt="Image" src="https://github.com/user-attachments/assets/944ce2ff-9692-468d-8bf6-c19c25a3d6ce" /> 一直报错如下（已抹去隐私内容）： ``` error: one or more domains had a problem: [*.xxxx.xxx] Post "https://acme.zerossl.com/v2/DV90/authz/xxxxxxxxxxxx": net/http: timeout awaiting response headers ``` 已经确认该服务器可以正常访问`https://acme.zerossl.com/v2/DV90/`，curl返回值正常： <img width="1046" height="383" alt="Image" src="https://github.com/user-attachments/assets/90b15bad-ba1a-485f-b426-cc5bd82edccd" /> ### 其他 / Miscellaneous _No response_

kerem 2026-03-03 01:04:34 +03:00

• closed this issue
• added the
  stale
  label

kerem commented 2026-03-03 01:04:35 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Jul 16, 2025):

挂的代理吗？

https://docs.certimate.me/docs/getting-started/configuration#http-proxy

<!-- gh-comment-id:3078347027 --> @fudiwei commented on GitHub (Jul 16, 2025): 挂的代理吗？ > https://docs.certimate.me/docs/getting-started/configuration#http-proxy

kerem commented 2026-03-03 01:04:35 +03:00

Author

Owner

Copy link

@KeithXZhai commented on GitHub (Jul 16, 2025):

挂的代理吗？

https://docs.certimate.me/docs/getting-started/configuration#http-proxy

没有使用代理，机器不在墙内。在配置不变的情况下尝试了许多次然后终于成功了一次……我不太理解是什么原因导致的……
失败的原因90%是net/http: timeout awaiting response headers

<!-- gh-comment-id:3078355055 --> @KeithXZhai commented on GitHub (Jul 16, 2025): > 挂的代理吗？ > > > https://docs.certimate.me/docs/getting-started/configuration#http-proxy 没有使用代理，机器不在墙内。在配置不变的情况下尝试了许多次然后终于成功了一次……我不太理解是什么原因导致的…… 失败的原因90%是`net/http: timeout awaiting response headers` <img width="1540" height="680" alt="Image" src="https://github.com/user-attachments/assets/e7e33ee6-0474-4c55-9da1-0a6537b5b990" />

kerem commented 2026-03-03 01:04:35 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Jul 16, 2025):

说实话这类网络问题基本无法排查，绝大部分情况都与应用无关 😕

Issue 先开着吧，看看有没有有其他人有类似情况。

<!-- gh-comment-id:3078438721 --> @fudiwei commented on GitHub (Jul 16, 2025): 说实话这类网络问题基本无法排查，绝大部分情况都与应用无关 😕 Issue 先开着吧，看看有没有有其他人有类似情况。

kerem commented 2026-03-03 01:04:35 +03:00

Author

Owner

Copy link

@FarrelF commented on GitHub (Jul 16, 2025):

Sorry I'm joining here, but just now I'm having the same issue.

ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead.

Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL.

Lego seems have a feature to set timeout limit (see lego help), but I don't know if this will have any effect on this timeout issue case.

<!-- gh-comment-id:3079131517 --> @FarrelF commented on GitHub (Jul 16, 2025): Sorry I'm joining here, but just now I'm having the same issue. ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead. Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL. Lego seems have a feature to set timeout limit (see `lego help`), but I don't know if this will have any effect on this timeout issue case. <img width="1920" height="926" alt="Image" src="https://github.com/user-attachments/assets/5f21f47a-3917-4a54-b1e4-5654437adf08" />

kerem commented 2026-03-03 01:04:35 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Jul 17, 2025):

Sorry I'm joining here, but just now I'm having the same issue.

ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead.

Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL.

Lego seems have a feature to set timeout limit (see lego help), but I don't know if this will have any effect on this timeout issue case.

Thanks for your feedback.

But I'm afraid it won't be helpful if you're referring to the --http-timeout option.

In Golang, there are many parameters related to HTTP timeouts, such as Timeout, TLSHandshakeTimeout, ResponseHeaderTimeout, IdleConnTimeout, ExpectContinueTimeout, etc. The --http-timeout option only controls Timeout but doesn't affect ResponseHeaderTimeout. However, the error mentioned above, net/http: timeout awaiting response headers, is precisely influenced by ResponseHeaderTimeout.

Of course, I can increase this parameter programmatically. As you said, the problem is from their side. The parameter's already set to 120 seconds as default now, and I don't believe increasing it further would work.

<!-- gh-comment-id:3084362507 --> @fudiwei commented on GitHub (Jul 17, 2025): > Sorry I'm joining here, but just now I'm having the same issue. > > ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead. > > Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL. > > Lego seems have a feature to set timeout limit (see `lego help`), but I don't know if this will have any effect on this timeout issue case. Thanks for your feedback. But I'm afraid it won't be helpful if you're referring to the `--http-timeout` option. In Golang, there are many parameters related to HTTP timeouts, such as `Timeout`, `TLSHandshakeTimeout`, `ResponseHeaderTimeout`, `IdleConnTimeout`, `ExpectContinueTimeout`, etc. The `--http-timeout` option only controls `Timeout` but doesn't affect `ResponseHeaderTimeout`. However, the error mentioned above, `net/http: timeout awaiting response headers`, is precisely influenced by `ResponseHeaderTimeout`. Of course, I can increase this parameter programmatically. As you said, the problem is from their side. The parameter's already set to 120 seconds as default now, and I don't believe increasing it further would work.

kerem commented 2026-03-03 01:04:36 +03:00

Author

Owner

Copy link

@FarrelF commented on GitHub (Jul 18, 2025):

Sorry I'm joining here, but just now I'm having the same issue.
ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead.
Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL.
Lego seems have a feature to set timeout limit (see lego help), but I don't know if this will have any effect on this timeout issue case.

Thanks for your feedback.

But I'm afraid it won't be helpful if you're referring to the --http-timeout option.

In Golang, there are many parameters related to HTTP timeouts, such as Timeout, TLSHandshakeTimeout, ResponseHeaderTimeout, IdleConnTimeout, ExpectContinueTimeout, etc. The --http-timeout option only controls Timeout but doesn't affect ResponseHeaderTimeout. However, the error mentioned above, net/http: timeout awaiting response headers, is precisely influenced by ResponseHeaderTimeout.

Of course, I can increase this parameter programmatically. As you said, the problem is from their side. The parameter's already set to 120 seconds as default now, and I don't believe increasing it further would work.

I'm not just referring to --http-timeout, but there is --cert.timeout and --dns-timeout too.

Especially --cert.timeout, which is only used when obtaining a certificate, which can sometimes be problematic in that area due to their server, but yeah, I don't think it would be useful for the "Response Headers Timeout" issue that randomly appears due to their server and --http-timeout only controls Timeout as you said.

So I think there is no solution to case like this currently yet except waiting for the server to get better, trying again, subscribe the paid plan and then use their REST API (not the ACME one) or not using ZeroSSL at all.

<!-- gh-comment-id:3086691326 --> @FarrelF commented on GitHub (Jul 18, 2025): > > Sorry I'm joining here, but just now I'm having the same issue. > > ZeroSSL's ACME servers are terribly unstable, seems nothing change since a long time ago until now, so I'm not too surprised that issue like this often arise and I myself using Google Trust Services instead. > > Is there any way option to increase/set up the timeout limit here? I know this is not a solution since the problem is from their side, but at least it minimise the timeout error because problem like this and open up the possibility of users being able to get their certificates from ZeroSSL. > > Lego seems have a feature to set timeout limit (see `lego help`), but I don't know if this will have any effect on this timeout issue case. > > Thanks for your feedback. > > But I'm afraid it won't be helpful if you're referring to the `--http-timeout` option. > > In Golang, there are many parameters related to HTTP timeouts, such as `Timeout`, `TLSHandshakeTimeout`, `ResponseHeaderTimeout`, `IdleConnTimeout`, `ExpectContinueTimeout`, etc. The `--http-timeout` option only controls `Timeout` but doesn't affect `ResponseHeaderTimeout`. However, the error mentioned above, `net/http: timeout awaiting response headers`, is precisely influenced by `ResponseHeaderTimeout`. > > Of course, I can increase this parameter programmatically. As you said, the problem is from their side. The parameter's already set to 120 seconds as default now, and I don't believe increasing it further would work. I'm not just referring to `--http-timeout`, but there is `--cert.timeout` and `--dns-timeout` too. Especially `--cert.timeout`, which is only used when obtaining a certificate, which can sometimes be problematic in that area due to their server, but yeah, I don't think it would be useful for the "Response Headers Timeout" issue that randomly appears due to their server and `--http-timeout` only controls `Timeout` as you said. So I think there is no solution to case like this currently yet except waiting for the server to get better, trying again, subscribe the paid plan and then use their REST API (not the ACME one) or not using ZeroSSL at all.

kerem referenced this issue 2026-03-03 01:07:10 +03:00

[PR #597] [MERGED] new providers #991

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

next

archive/v0.3

archive/v0.2

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.24-beta

v0.2.23-beta

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.19

v0.1.18

v0.1.17

v0.1.16

v0.1.15

v0.1.14

v0.1.13

v0.1.12

v0.1.11

v0.1.10

v0.1.9

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.1

Labels

Clear labels   

announcement

  

backlog

  

bug

  

declined

  

documentation

  

duplicate

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

No labels

announcement

backlog

bug

declined

documentation

duplicate

enhancement

good first issue

good first issue

help wanted

invalid

pull-request

question

stale

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/certimate#597

No description provided.