@pfg it appears as though we went over the pending authz rate limit and I was able to trigger a failure to see how our cleanup code handles it. I want to confirm this is the proper behavior we need to implement to ensure we don’t get rate limited like this again in the future.
The following authz URL was in this state:
2016/11/08 10:43:17 [DEBUG][REDACTED.composedb.com] https://acme-v01.api.letsencrypt.org/acme/authz/REDACTED: pending
To clear it from pending, we issue a validate to the DNS01 challenge URL, knowing it will fail:
2016/11/08 10:47:26 [DEBUG][REDACTED.composedb.com] initiating validation for dns-01 on https://acme-v01.api.letsencrypt.org/acme/challenge/REDACTED/CHALLENGE_ID
2016/11/08 10:47:26 [INFO][REDACTED.composedb.com] sending validate for https://acme-v01.api.letsencrypt.org/acme/challenge/REDACTED/CHALLENGE_ID
2016/11/08 10:47:28 [ERROR] validate error acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.REDACTED.composedb.com
2016/11/08 10:47:28 [DEBUG] successful validation of https://acme-v01.api.letsencrypt.org/acme/authz/REDACTED
If I then make a GET call to the authz URL, I get the following:
2016/11/08 10:48:01 [DEBUG][1991322541.composedb.com] https://acme-v01.api.letsencrypt.org/acme/authz/ZpwLF2B0lYBB9C3t9WQsPWoKFZL2XsC1sCJRQLiZyuc not in pending status, invalid
By being in the invalid state, we shouldn’t be impacted by the rate limit, correct?
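
The cleanup decision described in the post above, as an added Go example that is not the poster's code: given an authz JSON body, it returns the dns-01 challenge URI to send a validate to only when the authorization is still pending. The `status`, `challenges`, `type` and `uri` field names assume the ACME v1 authorization object, and the sample bodies and `acme.example` URLs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample bodies: assumed ACME v1 authz shape, placeholder URLs.
const samplePending = `{"status":"pending","challenges":[
 {"type":"http-01","status":"pending","uri":"https://acme.example/acme/challenge/AUTHZ_ID/1"},
 {"type":"dns-01","status":"pending","uri":"https://acme.example/acme/challenge/AUTHZ_ID/2"}]}`
const sampleInvalid = `{"status":"invalid","challenges":[
 {"type":"dns-01","status":"invalid","uri":"https://acme.example/acme/challenge/AUTHZ_ID/2"}]}`

// authz holds only the fields this check reads.
type authz struct {
	Status     string `json:"status"`
	Challenges []struct {
		Type   string `json:"type"`
		Status string `json:"status"`
		URI    string `json:"uri"`
	} `json:"challenges"`
}

// CleanupTarget returns the dns-01 challenge URI to send a validate to when
// the authorization is still pending, or "" when it has already left pending.
func CleanupTarget(body []byte) (string, error) {
	var a authz
	if err := json.Unmarshal(body, &a); err != nil {
		return "", fmt.Errorf("decode authz: %w", err)
	}
	// Assumption: a missing status is handled like "pending" so it is never skipped.
	if a.Status != "pending" && a.Status != "" {
		return "", nil
	}
	for _, c := range a.Challenges {
		if c.Type == "dns-01" && (c.Status == "pending" || c.Status == "") {
			return c.URI, nil
		}
	}
	return "", fmt.Errorf("authz is pending but has no pending dns-01 challenge")
}

func main() {
	for _, body := range []string{samplePending, sampleInvalid} {
		uri, err := CleanupTarget([]byte(body))
		fmt.Printf("trigger=%q err=%v\n", uri, err)
	}
}
```

Running the same function on the body returned by the follow-up GET gives an empty URI once the authorization has left pending, which is the confirmation step shown in the last log line.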