The lifecycle of a valid authorization

munmar · September 5, 2019, 2:17pm

Hi

RFC 8555 - Automatic Certificate Management Environment (ACME) says

Note that just because an authorization URL is listed in the
"authorizations" array of an order object doesn't mean that the
client is required to take action. There are several reasons that
the referenced authorizations may already be valid:

o The client completed the authorization as part of a previous order

What can be said about how Let's Encrypt reuses authorizations?
Once valid, how long will an authorization be reused for?

Best,
Marius

Phil · September 5, 2019, 6:44pm

@munmar,

An authorization aka authz is valid for 30 days and that value is set via the RA configuration.
Example: https://github.com/letsencrypt/boulder/blob/master/test/config-next/ra.json#L10-L11

mnordhoff · September 5, 2019, 10:44pm

However, that may change in the future. There is no guarantee that an authz will be valid for 30 days. The number may be changed, or some authorizations may be deactivated unexpectedly.

An ACME client should always be prepared to validate again, rather than counting on authz reuse.

munmar · September 6, 2019, 2:38pm

Thanks for the details - it all sounds more or less how I imagined it to be.
I’ll be making no assumptions and be ready to validate around the clock

system · October 6, 2019, 2:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reuse of ACME authorization object Client dev	12	959	August 30, 2023
Authorization recycling Issuance Tech	6	3299	January 19, 2017
Order is sometimes ready before doing authz/challenge Help	3	414	March 23, 2023
Identifier validation in certificate renewals Issuance Policy	26	301	December 22, 2024
Certificate Failed to Renew - authorizations for these names not found or expired Issuance Tech	2	3169	July 13, 2017

The lifecycle of a valid authorization

Related topics