- We’ve just upgraded to ACME2 (latest certbot)
- We’ve been stung bad by “hanging newauthz” rate limit in the past. 7 days unable to issue!
- We’re about to ramp up our retry logic during failed generate/renew in order to tackle intermittent failures in network between LE and various nameservers.
The question: Are we still at risk of hitting these “hanging newauthz” issues now that we’ve upgraded to latest certbot and ACME2? I have seen it implied that upgrading to certbot solves this risk, but I need strong confirmation in order to make this decision and solve our issues with more retries.
If our only risk is the 1-hour rate limit when hitting multiple failures, we have no worries. Hitting that 7 day rate limit from pending authz puts us dead in the water.
For the LE staff worried we’re about to smash against your server…
Current Retry strategy: once per day
Potential New Retry Strategy: Gradual backoff, somewhat similar to that described in your integration guide