Hello, is there a way to check when my rate limits will expire?
Due to a proxy placed in front of my site, the renewal process for a certificate had been continuously failing. I’d like to get things fixed before the certificate expires, but I don’t know when my rate limitation will end.
How can I check when the “too many currently pending authorizations” limitation will expire?
Nearest thing I know of is
… just realized you’re referring to the pending authorizations limit; that’s not handled by the script I mentioned above afaik, but you can manually clear it - someone recently mentioned this tool for doing so, though I haven’t personally tried it.
Unfortunately, that script doesn’t seem to be well documented.
It seems to expect some data from os.Stdin, but it’s not specified what that data is.
@_az am I correct in thinking that you are the author of that script?
Ah, found the post where it was mentioned originally:
so it seems the expected input is the logs from certbot
Unfortunately, the script found “0 authz”. I guess there isn’t an easy way to do this.
Pending authorizations expire after 1 week. If this has been running continuously, you may be able to try again soon.
How soon is your certificate expiring?
They aren’t going to expire within that week. I was just attempting to add a new certificate and got the error - that’s how I found out about it.
Yeah.
It is built this way because there doesn't seem to be any way to retrieve a list of pending authorizations from Boulder, so unless you have any kind of log file that contains the authz IDs (could be from any other ACME client too), you're stuck.
The one other variant that is possible is to use a challenge ID/URL and retrieve the authz ID from the Link: rel="up" header.
That script will work with the log files with any ACMEv1 client using the production Let’s Encrypt, not just certbot, as it just looks for URLs in the right form. It’s possible that some clients don’t log these URLs at all, however.
Make sure you pipe all the logs you can find for your Let’s Encrypt client to the utility, not just the latest one.
If you don’t have any logs containing these URLs, you can register a new ACME account key, as the limit is per account.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.