CertSage Authorization still pending after 10 attempts

Hello,

I'm using CertSage v1.4.1 to renew from web browser, however, after input password, click on Acquire Staging Certificate, it shows "authorization still pending after 10 attempts"

I went through the topics related to this, but i'm still unclear how to resolve.
It looks like I have to wait for the pending authorization to expire in around a week? is it correct?

How to clear the pending authorization right away? so that we can renew the certificate.
There's response.txt generated, can we use any data from there to clear the pending authorization?

Kindly advise.
Thank you.

Best Regards,
Geoffrey

3 Likes

@Geoffrey,

Please read these:

2 Likes

@Bruce5051

Thank you for the advise.

Having read through the posts, we checked with the server support for the geoblocking, they said the geoblocking is not enabled.

Furthermore, we used tool letsdebug to check DNS-01 challenge method, and the test is OK. HTTP-01 test is OK. only TLS-ALPN-01 failed.

What else could we do to resolve?

Any advise is appreciated.

Best Regards,
Geoffrey

4 Likes

Hi Geoffrey :slightly_smiling_face:

Author of CertSage here. It's possible that the timeout might now be too short for the authorization to fully complete. I'll get back to you later with more specifics as soon as I can. My fellow volunteers might be able to lend assistance in the meantime.

4 Likes

Yep. I'm seeing the same issue with my own copy of CertSage. I'll look into this ASAP.

5 Likes

Success! :smiley:

If you're still running into trouble, try using the following file in place of your certsage.php file. You'll need to change the .txt to .php just like you normally do when installing CertSage. You won't lose any of your existing ACME account data or configuration.

certsage.txt (32.9 KB)

The only thing I changed from version 1.4.1 was increasing the timeout between validation check attempts from 1 second to 2 seconds. Specifically, I changed sleep(1); on line 582 of certsage.php to sleep(2); . If many CertSage users keep encountering this problem, I'll make an official release with the fix. For now, please try this out and get back to me. Thanks. :slightly_smiling_face:

6 Likes

Hi @Geoffrey,

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

2 Likes

While I generally agree with @Bruce5051 about providing info, please try my fix above before we investigate other avenues.

5 Likes

Absolutely agree! :slightly_smiling_face:

3 Likes

@griffin :grinning:
Many thanks Griffin Jonathan

The certsage just started working, I didn't use the new version you just offered yet. Perhaps it's just passed it's sliding window...... for your reference.

@Bruce5051 :grinning:
Thanks for the advise. This issue is now resolved.

Best Regards,
Geoffrey

5 Likes

Thanks so much for reporting back, @Geoffrey. :pray:

The timeout duration is probably right on the operational cusp, so even a positive 1 or 2 second variation could mean the difference between success and failure. Good to know. I'll keep an eye out. :eye:

6 Likes