Hello. He had currently using about 600 certificates for 1200 domains from LE single account. And cannot issue any more certificates.
When we try to create new-authz we got an error: too many currently pending authorizations
We deactivated all non-expired authorizations with valid or pending state what can find. But still same error. How we can known what is causing this rateLimit?
Hi @dutchak,
Can you provide more information? What ACME client are you using? Do you know what circumstances are causing it to leak pending authorizations? You should definitely attempt to figure out this leak since it will be the root cause of the problem and reappear in the future.
There must be remaining pending authorizations that remain above and beyond the documented pending authorization rate limit.
You say "what we can find" - does your client log all of the authorizations it creates? That would be a good change to make if you suspect you're leaking authorizations under some conditions.
As a note: We're working on a way to automatically reuse pending authorizations that will hopefully help make this less painful in the future. It isn't yet deployed & activated in production but I expect this to change in the coming weeks.
1 Like
We use acmetool client. We find out what acmetool save all authorization information into fs in 2 files (expiry and url), so we deactivated all of it. That all what we can find.
What we can do for continue issued certificates for our clients?
The built-up pending authorizations will expire 7 days after they were created.
As a short-term hackish workaround you could create a new account. The pending authorization rate limit is tied to your account ID. If you take this approach I caution you to be aware that without fixing the original reason your first account began leaking pending authorizations you will likely end up in the same position again with the second account.
Hope that helps,
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.