Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My web server is (include version): nginx/1.2.1
The operating system my web server runs on is (include version): debian 6
My hosting provider, if applicable, is: Rackspace
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot version: 0.21.0
Some background: We create/renew about 200 certs per day using some automation we build on top of certbot via python.
Yesterday we started encountering some random errors with renewals across dozens of domain with an error eventually coming back as “AuthorizationError: Incomplete authorizations”.
After it fails, if we try again, then it succeeds and moves on, or it fails again requiring a retry. Not a consistent error.
From this old thread, there was some indication that this can happen during high load on the letsencrypt servers Incomplete Authorizations error when trying to renew
Which could be the case starting yesterday with everyone renewing their revoked certificates?
Is there a retry param that we could extend to keep trying until we get a response?