I’m investigating a use-case where responding to the domain validation challenge may take long time.
When ordering a brand new certificate, for how long the order and the authorization are allowed to be in a pending state before they expire?
checked my last log. If you create a new certificate, there is an order url, something like
There is a "expires" attribute - one week.
Hi @ArikS, welcome to the community forum
Presently both newly created pending authorizations and newly created pending orders have a lifetime of 7 days. These values may change in the future.
I would also be wary about making too many assumptions about these lifetimes. You should always defer to the
"expires" value of the resources returned by the ACME server.
For example there is one case where you could get a new pending order back from the Let's Encrypt's ACME server with a lifetime <7d. Let's Encrypt will re-use older pending authorizations from previous orders for matching identifiers in new orders. If you created an order previously but did not attempt any of the associated authorization challenges then new orders for overlapping identifiers would result in an order with a shorter lifetime. In this case the order's overall lifetime would be determined by the nearest expiry of its associated authorizations. We take some care to never reuse authorizations with <24hrs of lifetime remaining so that should be a lower bar for the overall order lifetime.
Hope that helps!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.