New authz valid without being checked

Hi guys,

playing with the staging CA. I’m doing frequent requests - a complete cycle - nonce, order, authz, check, finalize, download.

Interestingly, the challenges don’t seem to be checked but authz-s are set as valid when checked after my validation timeout expires. I checked that in my “web server” and in Nginx logs - which fronts my server as a reverse proxy. And neither shows any incoming requests.

Are there any circumstances when the LE RA can decide to skip the challenge validations?

UPDATE: before you read on, it all works fine. I just didn’t expect that the authorizations (authz) can be re-used while they are valid.

Yes, if the authorization is still valid (it’s linked to the acme account and expires in 30 days.)

What timeout are you using? 7 days? 30 days?

I’m cancelling pending authz and the valid ones are instantly used for finalize.

Does it mean that the authz is valid even if used for a certificate? Also the “non-validated” are new authz, at least the URL/path is different for each.

crossed out: I don’t set any particular value for that, didn’t know it’s possible.

ah, I get you - my timeout is 10 seconds to wait for a validation request for an http challenge on the web server. After that I double check by checking the authz status and it shows “valid”. No traffic on the nginx that fronts my validation web server.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.