Too many currently pending authorizations


#1

I am getting the following error:

acme.messages.Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: too many currently pending authorizations.

I have tried this to reset the pending authorizations:

When I run it, I get the following error:

python LE_FIND_PENDING_AUTHZ.py

Traceback (most recent call last):
File “LE_FIND_PENDING_AUTHZ.py”, line 8, in
from acme import client
ImportError: No module named acme

I am not familiar with Python so I don’t know what direction to go. I have researched the error, but have not been able to really find anything.

Two questions:

  1. Is there different/better way to clear the authorizations?

  2. If this is the only tool to clear the authorizations, how do I get it to run successfully?

Thanks in advance.

My web server is (include version): Apache 2.2.15

The operating system my web server runs on is (include version): CentOS release 6.9 (Final)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi @smrtalex,

You could try clear-authz tool, here a mini guide to use it.

Good luck,
sahsanu


#3

Worked perfect!!!

Thank you!!!


#4

Hi @smrtalex,

What are the domain names you were trying to issue for? Do you run Certbot from cron? If so would you be able to share the crontab entry?

This condition usually only occurs when something has gone wrong with the ACME client. I’m glad to hear @sahsanu’s suggestion for clearing the pending authorization backlog worked but it would be even better to identify the reason that you found yourself in this situation. That way you can make sure it won’t happen again, interfering with future renewals.

Thanks!


#5

The problem was self-inflicted. I tried to issue SSL certs for too many domains at once. So the root of issue was known and I now know what not to do!

Thanks!


#6

Hi again @smrtalex, thanks for getting back to me.

Can you explain a little bit more about how you tried to issue too many certificates at once? I’m surprised that this would cause leaked authorizations. Which ACME client were you using? Certbot?

Thanks!


#7

Running certbot-auto version 0.25.1

I have a little over 1000 domains on a server. When I ran ./certbot-auto it asked if I wanted to do all available domains. I said yes. Then the problem happened.

I am now doing about 50 domains per day one by one.


#8

Very interesting! Thanks for sharing that information.

@bmw @schoen Do you folks have any insight into how Certbot could handle a case like this more gracefully? I’m guessing that when Certbot began trying to issue for the 1000 domains it called new-authz 300 times and on the 301st time the pending authorization rate limit was hit and the process was aborted, leaving 300 pending authorizations dangling. Does that sound plausible to you?


#9

@cpu, your guess is correct! The issue for this is https://github.com/certbot/certbot/issues/5208.

Sorry for the trouble here. We’re planning on switching Certbot to use Let’s Encrypt’s ACMEv2 endpoint by default in the next release which should largely mitigate this issue.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.