AuthorizationError: Incomplete authorizations - High load?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: transtechtowing1.com,www.transtechtowing1.com

My web server is (include version): nginx/1.2.1

The operating system my web server runs on is (include version): debian 6

My hosting provider, if applicable, is: Rackspace

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot version: 0.21.0

Hello,

Some background: We create/renew about 200 certs per day using some automation we build on top of certbot via python.

Yesterday we started encountering some random errors with renewals across dozens of domain with an error eventually coming back as “AuthorizationError: Incomplete authorizations”.

After it fails, if we try again, then it succeeds and moves on, or it fails again requiring a retry. Not a consistent error.

From this old thread, there was some indication that this can happen during high load on the letsencrypt servers Incomplete Authorizations error when trying to renew

Which could be the case starting yesterday with everyone renewing their revoked certificates?

Is there a retry param that we could extend to keep trying until we get a response?

FWIW “Incomplete authorizations” no longer exists in the latest version of Certbot and the code in the authorization handler has dramatically changed, including the authorization polling logic.

In your version of Certbot, in certbot/auth_handler.py, it is unfortunately hardcoded:

If desperate, you can probably try just applying a patch to the source code in your environment.

I would try using the latest version of Certbot, though.

Although, since you are on an extremely EOL version of Debian, I can guess that’s probably not a real option for you right now.

Thanks so much. Was able to up the max_rounds to 25 and the errors subsided.