404 Expired authorization


#1

On one system (mon.stolaf.edu) with an LE cert that is about 70 days old, I am getting: mon.stolaf.edu:Challenge error: {“type”:“urn:acme:error:malformed”,“detail”:“Expired authorization”,“status”: 404} when I run acme.sh --renew -d mon.stolaf.edu. We are using manual DNS mode and acme.sh 2.6.5.

We have a few other systems where I was able to renew the certificate when the certificate was also about 70 days old. What is different about this installation?


#2

The lifetime for new authorizations has been decreased, see this post for details. I think it might be something like 30 or 60 days right now, it’ll probably be something like 7 days eventually.

Basically, you’ll need to be prepared to solve a new challenge for each renewal. Perhaps you can use something like acme-dns to automate the DNS challenge in your environment, if you feel like that’ll save time compared to doing it manually once every 3 months.


#3

Any clues why one system was different than another (the other system, where the renewal worked, actually had a cert that was a few days older)?


#4

There are still some authorizations in the system from when the expiration used to be 10 months. Perhaps you first issued a certificate for that domain name back then, and that authorization was still valid.


#5

That’s probably it then. Thanks for your help.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.