Comments (5)

skoerfgen commented on May 28, 2024

Hi!

It works like this:

  • for each domain a corresponding authorization is created in pending state by Let's Encrypt.
  • during the validation process (when the challenge callback returns) the corresponding authorization is triggered and transitions from pending to valid/invalid.

So if there was no error, there are no more pending authorizations left.

On the other hand, when there was a validation error (or the validation process is interrupted otherwise), all remaining/subsequent authorizations stay in pending state.

When you then run getCertificateChain again (after fixing the validation errors) it reuses the pending authz from above.

So pending authorizations can only accumulate if there are errors during the validation process which do not get resolved (by fixing the validation error(s) and re-running getCertificateChain).

Hope that helps!

from acmecert.

skoerfgen commented on May 28, 2024

> And an authorization in pending has a lifetime of 7 days, correct? So the limit of 300 has a sliding window.

Both correct!

For pending authorizations it is 7 days and for valid authorizations it is 30 days.

> It would be good if there is a helper function which allows triggering the validation of pending authorizations (based on the authorization URLs found in the logs) or do you think it is as good to run getCertificateChain again?

It is as good as running getCertificateChain again: because of authorization reuse, you will get the same authorization URLs again (as long as they are not expired yet). So there is no need to get the URLs from the log.

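The lifecycle described in the two comments above, as an added example that is not part of the thread and is not ACMECert code: a simplified Python model of the CA's authorization store. `ToyCA`, `Authz`, `order`, `challenge_ok` and `demo` are hypothetical names; the model assumes an invalid authorization is replaced by a fresh pending one on the next run and that the limit of 300 counts unexpired pending authorizations.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Figures taken from the thread.
PENDING_TTL = timedelta(days=7)    # lifetime of a pending authorization
VALID_TTL = timedelta(days=30)     # lifetime of a valid authorization
PENDING_LIMIT = 300                # pending-authorization limit

@dataclass
class Authz:
    status: str                    # "pending", "valid" or "invalid"
    expires: datetime

class ToyCA:
    """Simplified model (assumption) of the CA's authorization store for one account."""
    def __init__(self):
        self.authz = {}            # domain -> Authz

    def pending_count(self, now):
        # Expired pending authorizations drop out: this is the sliding window.
        return sum(a.status == "pending" and a.expires > now for a in self.authz.values())

    def order(self, domains, challenge_ok, now):
        """Model of one getCertificateChain run; True if a certificate would be issued."""
        for d in domains:          # step 1: one authorization per domain, reused if usable
            a = self.authz.get(d)
            if a is None or a.expires <= now or a.status == "invalid":
                if self.pending_count(now) >= PENDING_LIMIT:
                    raise RuntimeError("too many pending authorizations")
                self.authz[d] = Authz("pending", now + PENDING_TTL)
        for d in domains:          # step 2: trigger each authorization in turn
            a = self.authz[d]
            if a.status == "valid":
                continue           # reused valid authorization, no challenge needed
            if challenge_ok(d):
                a.status, a.expires = "valid", now + VALID_TTL
            else:
                a.status = "invalid"
                return False       # run stops; subsequent authorizations stay pending
        return True

def demo():
    """Constructed run: b.example fails first, then the same order is re-run after the fix."""
    ca, t0, names = ToyCA(), datetime(2024, 5, 28), ["a.example", "b.example", "c.example"]
    first = ca.order(names, lambda d: d != "b.example", t0)
    left_pending = ca.pending_count(t0)              # c.example was never triggered
    second = ca.order(names, lambda d: True, t0 + timedelta(days=1))
    return first, left_pending, second, ca.pending_count(t0 + timedelta(days=1))
```
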

svenba commented on May 28, 2024

Awesome, thanks a lot for the clarification. A little FAQ would be nice and a donation link :)

svenba commented on May 28, 2024

Thanks a lot for the detailed explanation.

And an authorization in pending has a lifetime of 7 days, correct? So the limit of 300 has a sliding window.

It would be good if there is a helper function which allows triggering the validation of pending authorizations (based on the authorization URLs found in the logs) or do you think it is as good to run getCertificateChain again?

skoerfgen commented on May 28, 2024

@svenba

You're welcome!

Meanwhile I also have added a donation link :)

Not sure about what topics to cover in the FAQ..
(I'm open to suggestions)
