Verification Timeouts

Then you should never have pending authorizations. So that problem doesn't exist.

1 Like

the problem with that PHP Client - it won’t save pending Requests … it’s running while the PHP Process is running … so a few Minutes is all I can give the Script to finish … not a whole week … :grimacing:
But all Test-Renews I did finished within 20-40 Seconds now … So I hope this should do the trick! :wink:

1 Like

alright - thx - then I hope that the Prob is solved by this! :wink:
Will monitor it more closely the next time …

Thank you all! :slight_smile:

1 Like

It should store that stuff in some kind of database or text file, change client asap please.

1 Like

will reach out to the initial coder of this Client … maybe he’s going to add this behaviour … otherwise maybe I’m going to do it … if it’s too complicated to get it into this Client a Client Switch may be advisable … you are right …

1 Like

you are managing a lot of certs. maybe you should think of some client that would renew without relying on a webserver executing a php script (even using a php script, but from the cli, which has no stringent time limits if you set it, anyway)

renewals should happen in the background, not interactively. and they definitely should not make a frontend wait.

1 Like

they run CLI-wise CRON triggered … completely Background - no Frontend Waiting for anything … :wink:
but you are right - normally one could increase Time Limit as needed … it’s just not tested by me if simultaneously running this script is working without problem (normally it should …)
Was no matter until now as it was working without any problems for some years now … with ACME-v1 and later also with v2 …
There is an Error Log with all those Errors so one can see well when Problems started … mhm … maybe it’s time after a few years again to put some love+time in the LE Stack of the CMS … :wink:
Not thought about it yet …

1 Like

this in a cron can be an idea:

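#!/bin/bash
LOCK=/var/yourclient.lock
if [[ ! -e "$LOCK" ]]; then
  echo 'I am running' > "$LOCK"
  # remove the lock when this script exits, even if the client fails;
  # otherwise one failed run would block every later cron run
  trap 'rm -f "$LOCK"' EXIT
  php -f yourclientblabla
else
  echo "yourclient is still running" 1>&2
fi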

(you can also check with ps aux | grep)

2 Likes

at least in theory … this one CMS Server is responsible for way over 1.000 Domains, all with LE Certs. Now if 1 Domain could lock up the renewal Process for up to 1 Week (worst case) … it could happen we run into problems getting all those Certs renewed … :wink:
Of course speaking worst case … so there are only 2 viable Options I see (with this Client)

  • check if it’s working without hassle when running multiple times (I think so … maybe just need to add a check if Domain XYZ is already running)
  • make it pick up PENDING Verifications later on subsequent calls of the Client

mhm

… next to just completely replace this Client with some more robust solution … :wink:

1 Like
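
The first option above (a check whether Domain XYZ is already running) as an added example, not code from the thread or from the client's author: one lock per domain instead of one global lock, plus a time limit, so a stuck domain cannot hold up the other renewals. `renew_domain`, `LOCKDIR`, `RENEW_CMD` and `MAX_SECONDS` are hypothetical names, and the client is assumed to take the domain as its last argument.

```shell
#!/bin/sh
# Added example, not code from the thread: one lock per domain, not one global lock.
LOCKDIR="${LOCKDIR:-/var/lock/le-renew}"           # assumed path
RENEW_CMD="${RENEW_CMD:-php -f yourclientblabla}"  # placeholder name used in the thread
MAX_SECONDS="${MAX_SECONDS:-300}"                  # assumed per-domain time limit

# Returns 0 = renewed, 1 = failed or timed out, 2 = skipped (busy or invalid name).
renew_domain() {
  domain="$1"
  # Allow only hostname characters so the name cannot escape LOCKDIR.
  case "$domain" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid domain name" >&2; return 2 ;;
  esac
  lock="$LOCKDIR/$domain.lock"
  mkdir -p "$LOCKDIR"
  # mkdir is atomic: only one process can create the lock directory.
  if ! mkdir "$lock" 2>/dev/null; then
    pid="$(cat "$lock/pid" 2>/dev/null || true)"
    # No pid yet: the owner is just starting. Live pid: it is still running.
    if [ -z "$pid" ] || kill -0 "$pid" 2>/dev/null; then
      echo "$domain: renewal already running" >&2
      return 2
    fi
    # Owner is gone (crash, reboot): take over the stale lock.
    rm -rf "$lock"
    mkdir "$lock" 2>/dev/null || return 2
  fi
  echo "$$" > "$lock/pid"
  rc=0
  # Word splitting of RENEW_CMD is intended (command plus its arguments).
  timeout "$MAX_SECONDS" $RENEW_CMD "$domain" || rc=$?
  rm -rf "$lock"
  [ "$rc" -eq 0 ] && return 0
  echo "$domain: renewal failed or timed out (rc=$rc)" >&2
  return 1
}

# Domains come from the command line; a failure never stops the remaining ones.
for d in "$@"; do
  renew_domain "$d" || true
done
```

Where `flock(1)` from util-linux is available, it avoids the small race in the stale-lock takeover.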

If every domain has its certificate and domains do not share a certificate, any sensible client would renew the working domains and retry failed ones in the following run.

1 Like

that was related to your CRON suggestion above - if I do a locking like that we would run into the mentioned problem! :wink:

I don't think so. If a domain fails, the challenge fails; it doesn't stay pending indefinitely.

I guess this is the solution. You might even want to reverse proxy all the thing.

1 Like
