LE Staging: All authorizations were not finalized by the CA

jmcclelland · December 19, 2025, 4:44pm

I seem to be getting this error intermittently when I do a --dry-run. If I keep submitting, it eventually works. I noticed in the code there's a comment before triggering this error:

Here authzrs_to_check is still not empty, meaning we exceeded the max polling attempt.

I'm wondering if this is a server load problem? Or is our client doing something wrong here?

My domain is: junipercameryn.com

I ran this command: /usr/bin/certbot certonly --expand --renew-with-new-domains --non-interactive --email ssl@XXXX.org --agree-to-tos --certname site317881 --webroot --webroot-path /var/www/html --domains junipercameryn.com,www.junipercameryn.com --dry-run

It produced this output:


2025-12-19 16:13:05,214:DEBUG:acme.client:Storing nonce: 0t1BB3M7X2EJazS73j00W08cX2gRTTEMjYOqTSGP7qVn01flPxk
2025-12-19 16:13:05,216:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 210, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.

2025-12-19 16:13:05,216:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-12-19 16:13:05,216:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-12-19 16:13:05,217:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/XA91gXVqvTGTT-PAzFEDXWJAta5skdygBryT5iS51xg
2025-12-19 16:13:05,217:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/he17sB90qa4feFcRwRIepzFdS32QFZcfINSaiFLQA4E
2025-12-19 16:13:05,218:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-12-19 16:13:05,219:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1590, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 138, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 210, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.
2025-12-19 16:13:05,223:ERROR:certbot._internal.log:All authorizations were not finalized by the CA.

My web server is (include version): nginx 1.22.1

The operating system my web server runs on is (include version): debian bookworm

My hosting provider, if applicable, is: May First

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): May First custom control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

jmcclelland · December 19, 2025, 6:17pm

In addition, I'm intermittently getting:

acme.messages.Error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Service busy; retry later.

Which ends up also raising:

raise AttributeError("can't set attribute")

But it seems like the first error is the relevant one.

Does anyone know if this means the overall staging server is under heavy load - or is my client being rate limited? I'm just trying to assess whether I am doing anything wrong or whether I should sit tight and wait for the server to be less busy?

MikeMcQ · December 19, 2025, 6:38pm

Yes, that is a nuisance message. That was a known bug in v2.1 fixed in 2.3. Note the current version is 5.2.2

It would seem so from the Server Busy - Retry Later along with the original polling timeout for the authz in your first post.

There isn't any notice on the service status board about Staging being bogged down. But, I'd expect that LE's own monitoring is likely to notice this soon enough. See: https://letsencrypt.status.io/

There isn't anything wrong with Certbot. I also just got a Server Busy using Let's Debug

jmcclelland · December 19, 2025, 7:10pm

@MikeMcQ Thanks for the feedback. I guess it's time to upgrade our key server :). I'll monitor the status page.

system · January 18, 2026, 7:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AuthorizationError: Incomplete authorizations - High load? Help	4	753	April 6, 2020
Certbot certonly: Failed authorization procedure // The client lacks sufficient authorization Server	4	4899	December 28, 2018
ACMEv2 staging new-order sometimes fails with "Error finalizing order" Help	12	4845	May 8, 2018
Error creating new order :: too many failed authorizations recently Help	7	54116	November 30, 2020
Certbot renewal : fails due to too many pending authorizations (SAN cert, pass on staging) Help	1	1119	June 7, 2017

LE Staging: All authorizations were not finalized by the CA

Related topics