Clarification on v1 authz status and expiry


I’m finding a bunch of authzs that simultaneously have a status of pending with an expires in the distant past.

Some examples:

A (had been) relying on the status field to indicate whether the authz was usable, on the assumption that (pending + expired) = invalid.

Is it the intent that clients should pay attention to the authz expiry as well? Boulder seems to count pending authorizations with an expires > clause, so I am guessing maybe yes?

Is new-authz that ends with rate limit error is counted against rate limit?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.