Too many currently pending authorizations (there is no pending authz)

I’m getting this classic error: Too many currently pending authorizations.

The problem is that I already tried LE_FIND_PENDING_AUTHZ and clear-authz
And both says that there is no pending auths!

Any tips?

Hi @leocavalcante,

What Let’s Encrypt client are you using, and how do you invoke it? Do you have a large number of domains or certificates? Have you had a large number of failed validations recently for some reason?

1 Like

Hi @schoen
I’m using Certbot. Yes, its a large number of domains and they failed once.

And are you sure that you found the right Certbot log associated with that failure and provided it as input to clear-authz?

I think so, all files at /var/log/letsencrypt/, then it says:
Found 459 unique authorizations in 951 lines …
Checked 459 of 459 authorizations …
Found 0 pending authorizations.

I managed to take a look at the uploaded logs before they were auto-expunged and they were all pretty much already-expired ACME v1 authzs.

Your pending authzs are either coming from somewhere other than Certbot, or Certbot is using another log directory (but that seems unlikely).

e: It’s possible that you get rate limited so it can’t check the authz statuses, but you can check your browser console if there were any errors in that case.

e2: From your latest logs, the most recent authzs are from 2019-02 (which are obviously expired now). Does /var/log/letsencrypt/letsencrypt.log (or .1 or .2) have anything more recent … ?

1 Like

Thanks for the hint. Console says it tried all the 459 and all returned 404.

How much times does it takes for pending authz to be auto-removed? (If they are)

If I recall correctly, pending authzs are expired after 7 days.

A different way to dodge the pending authz limit is to abandon your ACME account (certbot unregister), since the authzs are attached to the account.

What version of Certbot are you using (certbot --version)? Recent versions should be using ACME v2 automatically since 6+ months ago, but yours is not.

1 Like

Oh, great. I have 20 days left on the domain I want to renew, so will be ok to wait.

certbot 0.31.0

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.