Flush of authorization cache

Hi,
In FAQ I've found information:
"Once you successfully complete the challenges for a domain, the resulting authorization is cached for your account to use again later. Cached authorizations last for 30 days from the time of validation. If the certificate you requested has all of the necessary authorizations cached then validation will not happen again until the relevant cached authorizations expire."

I've introduced some changes into my infrastructure(k8s+istio) and I'm not sure if http01 challenge will pass. Is there any chance to flush authorization cache to force challenge? At this moment if I delete certificate manifest, new certificate is signed without http01 challenge validation.

Try running against the staging API.

3 Likes

Technically, yes, it's possible to deactivate cached valid authorizations, see RFC 8555 section 7.5.2: Deactivating an Authorization.

However, it depends on the ACME client used if this feature of the ACME protocol is supported.

Also, please don't delete/recreate certificates for testing purposes on the production environment.

3 Likes