Sunsetting Plan For Synchronous Order Finalization

General questions about the following post: Enabling Asynchronous Order Finalization

  1. Will synchronous order finalization be supported beyond April 24th? If so, how long will this be supported for?
  2. Is there any significant differences in the time we should expect to get valid certificate response when moving to asynchronous order finalization?

Context about my use case:
We are using an in house java application that uses GitHub - shred/acme4j: Java client for ACME (Let's Encrypt) to communicate with Let's Encrypts environment.


Hi! These are great questions:

  1. The schedule has been pushed back somewhat (see the comments on that post; I'll update the schedule in the first message soon), so the final date will likely be a week or two after April 24th. But no, we have no plans to allow-list accounts into using the old synchronous code path or anything like that. When synchronous order finalization is finally fully turned off, there will be no carve-outs.

  2. No, we don't expect finalization to take any longer, in the usual case. The purpose of this change is to make it so that those few finalizations which already take a long time are able to succeed, rather than timing out. It may take slightly longer from your client's perspective, just because the client has to make ~1 additional network request, but that's very little in the grand scheme of things.

It's worth noting that the acme4j example client already does exactly the right thing for asynchronous finalization! It makes the finalize request, throws away the result, then polls the order status until it becomes VALID, and then finally downloads the certificate.

        // Order the certificate

        // Wait for the order to complete
        try {
            int attempts = 10;
            while (order.getStatus() != Status.VALID && attempts-- > 0) {
                // Did the order fail?
                if (order.getStatus() == Status.INVALID) {
                    LOG.error("Order has failed, reason: {}", order.getError());
                    throw new AcmeException("Order failed... Giving up.");

                // Wait for a few seconds

                // Then update the status
        } catch (InterruptedException ex) {
            LOG.error("interrupted", ex);

        // Get the certificate
        Certificate certificate = order.getCertificate();

Related Topics:

1 Like