Flush of authorization cache

karolcienkosz · November 17, 2022, 7:46pm

Hi,
In FAQ I've found information:
"Once you successfully complete the challenges for a domain, the resulting authorization is cached for your account to use again later. Cached authorizations last for 30 days from the time of validation. If the certificate you requested has all of the necessary authorizations cached then validation will not happen again until the relevant cached authorizations expire."

I've introduced some changes into my infrastructure(k8s+istio) and I'm not sure if http01 challenge will pass. Is there any chance to flush authorization cache to force challenge? At this moment if I delete certificate manifest, new certificate is signed without http01 challenge validation.

jvanasco · November 17, 2022, 8:35pm

Try running against the staging API.

Osiris · November 17, 2022, 9:02pm

Technically, yes, it's possible to deactivate cached valid authorizations, see RFC 8555 section 7.5.2: Deactivating an Authorization.

However, it depends on the ACME client used if this feature of the ACME protocol is supported.

Also, please don't delete/recreate certificates for testing purposes on the production environment.

system · December 17, 2022, 9:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DNS Challenge Caching Help	3	2136	February 6, 2018
Certificate Failed to Renew - authorizations for these names not found or expired Issuance Tech	2	3169	July 13, 2017
Http-01 validation cache? Issuance Tech	11	3120	December 12, 2016
Is challenge required for old and new domains? Help	5	419	August 27, 2021
Can't do HTTP-01 challenge after DNS-01 challenge Help	5	2244	April 22, 2020

Flush of authorization cache

Related topics