Cancel or force pending authorizations to proceed

Using the certbot auto client to fetch certificates for a list of domains

certbot-auto --webroot -w <webroot-path> -d <domain and list of other domains separated with -d>

It’s been a week after hitting the ratelimit (I can say for sure that the ratelimit hasn’t been hit - issuing 4 certs (4 requests) for 90-99 domains each (with each certificate request). The first one ran fine, that was about 3 weeks ago. The new request always comes back with

urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many currently pending authorizations

Is there a way to force validation within the queue or to cancel the pending authorizations?

I believe that limit is reset weekly (not hourly), so the more important question is: Why are your auth requests unsuccessful?

I may have pressed ^C the first time, due to a miss spelling of a domain. That may have caused a bug with regards to the client not being able to auth / validate the first requests or get a response back or some such.

Nope, pending authzs last a week. However, with an upcoming version, they will be recycled to avoid hitting this limit. You’re thinking of failed authorizations. @ms1, if you do a search, you’ll find a lot of posts about this, including tools to help clear the pending authzs.

OK, I stand corrected.
But that only adds to the pending question:
Why are your auth requests unsuccessful?

Just to be clear, the pending authorizations rate limit is totally independent of rate limits that limit the quantity of certificates that can be issued.

The pending authorizations rate limit is usually encountered due to a Let’s Encrypt client that crashed. Possibly interrupting it yourself could cause this problem. The problem with interrupting it when requesting such a large certificate is that there would be one pending authorization per name, so you could hit the limit more quickly in this case than someone requesting a smaller certificate would.

@rg305 I mentioned interrupting the client, which has caused the authz / validation requests to pile up, and enter limbo. That’s the reason for the error I mentioned.

@jared.m Thanks Jared, did search for the tools, found Requires me to install the acme package which in itself is throwing errors w.r.t pbr-3.1.1

Though using a different config directory does work (different config) now.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.