Then you should never have pending authorizations.
So
that problem doesn't exist.
Then you should never have pending authorizations.
So
that problem doesn't exist.
the problem with that PHP Client - it won’t save pending Requests … it’s running while the PHP Process is running … so a few Minutes is all I can give the Script to finish … not a whole week …
But all Test-Renews I did finished within 20-40 Seconds now … So I hope this should do the trick!
alright - thx - then I hope that the Prob is solved by this!
Will monitor it more closely the next time …
Thank you all!
It should store that stuff in some kind of database or text file, change client asap please.
will reach out to the initial coder of this Client … maybe he’s going to add this behaviour … otherwise maybe I’m going to do it … if it’s to complicated to get it into this Client a Client Switch may be adviseable … you are right …
you are managing a lot of certs. maybe you should think of some client that would renew without relying on a webserver executing a php script (even using a php script, but from the cli, which have no stringent time limits if you set it, anyway)
renewals should happen in the background, not interactively. and they definitely should not make a frontend wait.
they run CLI-wise CRON triggered … completely Background - no Frontend Waiting for anything …
but you are right - normally one could increase Time Limit as needed … it’s just not tested by me if simultaneously running this script is working without problem (normally it should …)
Was no matter until now as it was working without any problems for some years now … with ACME-v1 and later also with v2 …
There is an Error Log with all those Errors so one can good see when Problems started … mhm … maybe it’s time after a few years again to put some love+time in the LE Stack of the CMS …
Not thought about it yet …
this in a cron can be an idea:
LOCK=/var/yourclient.lock
if [[ ! -e "$LOCK" ]]; then
echo 'I am running' > "$LOCK" ;
php -f yourclientblabla && rm "$LOCK";
else
echo "yourclient is still running" 1>&2;
fi
(you can also check with ps aux | grep
)
at least in theory … this one CMS Server is responsible for way over 1.000 Domains, all with LE Certs. Now if 1 Domain could lock up the renewal Process for up to 1 Weeks (worst case) … it could happen we run into problems getting all those Certs renewed …
Of course speaking worst case … so there are only 2 viable Options I see (with this Client)
mhm
… next to just completely replace this Client with some more robust solution …
If every domain has its certificate and domains do not share a certificate, any sensible client would renew the working domains and retry failed ones in the following run.
that was related to your CRON suggestion above - if i do a locking like that we would run into the mentioned problem!
I don't think so. If a domain fails the challenge fails, doesn't stay pending indefinitely.
I guess this is the solution. You might even want to reverse proxy all the thing.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.