Uncaught "Socket hang up" error when community member API is unresponsive #42

Closed
opened 2019-08-06 18:41:41 +00:00 by Ghost · 2 comments

Our service has a large volume of SSL renewal requests which we handle using Greenlock. Recently we started experiencing a large number of "Socket hang up (ECONNRESET)" errors, and we tracked the source to the [addCommunityMember](https://git.coolaj86.com/coolaj86/greenlock.js/src/branch/master/lib/community.js#L3) function of Greenlock. It appears that when the https://api.ppl.family servers are unresponsive (possibly due to a large amount of traffic) this error can occur, and it's not caught, which can cause the process to crash.

I had to dig through the code of this library to figure out that every renewal request causes an API call to be made to this external service, which appears to be administered by the same entity as Greenlock. I had no idea that our email addresses were being sent to this service - at the very least I would hope for this to be documented in the README. I'm sure this isn't malicious behavior, and maybe I missed the documentation regarding this, but it would be nice if this was more obvious, especially as it can apparently be a source of errors.

Since I added `securityUpdates: false` to our Greenlock configuration (the flag that disables the API calls to ppl.family) we haven't seen any more "Socket hang up" errors, so I'm confident this was the source of the problem.

I'm happy to submit a PR documenting the `securityUpdates` option if that would help.

Owner

Hello,

Thanks for the report. The error should be silently ignored:

* https://git.coolaj86.com/coolaj86/greenlock.js/src/branch/master/lib/community.js#L56
* https://git.coolaj86.com/coolaj86/greenlock.js/src/branch/master/lib/community.js#L18

You may have an older version, or perhaps there's another level of error propagation.

The behavior is documented and the usage is described:

* https://git.coolaj86.com/coolaj86/greenlock.js (see `securityUpdates`)
* https://therootcompany.com/legal/#terms (link at bottom of repo)

The URL hasn't been updated from the old site (now therootcompany.com, was ppl.family).

Very, very rarely, I send out security notices. I sent one out the last time Let's Encrypt had a breaking change that affected all Greenlock installs. There's another one coming up shortly.

Owner

Closing. Let me know if you need anything else.

Reference: coolaj86/greenlock.js-ARCHIVED#42