Improve renew times for certificates with multiple SAN certificate #1979

Open
1 task done
relvira opened this issue Jul 31, 2023 · 3 comments

Comments


relvira commented Jul 31, 2023

Welcome

  • Yes, I've searched similar issues on GitHub and didn't find any.

How do you use lego?

Library

Detailed Description

Hey there!

I am currently using go-acme/lego to renew a number of certificates that each contain a large list of SANs, all of which belong to the same domain name (i.e. mydomain.com). I am using DNS TXT challenges to prove ownership of said domains.

The main issue I'm facing is renew times. Some of these certificates have about 100 SANs, and due to API rate limits on the DNS provider and DNS propagation I can only do the challenges at a certain pace.

I am wondering if there is room for a feature where we can somehow skip authorizations if there is a valid one already? This is what I am seeing when validating all of the SAN at the moment, and getting this after:

2023/06/15 07:42:20 [INFO] [*.dev1594.mydomain.com] acme: authorization already valid; skipping challenge
2023/06/15 07:42:20 [INFO] [*.dev1595.mydomain.com] acme: authorization already valid; skipping challenge
2023/06/15 07:42:20 [INFO] [*.dev1596.mydomain.com] acme: authorization already valid; skipping challenge
2023/06/15 07:42:20 [INFO] [*.dev1597.mydomain.com] acme: authorization already valid; skipping challenge
2023/06/15 07:42:20 [INFO] [*.dev1598.mydomain.com] acme: authorization already valid; skipping challenge
2023/06/15 07:42:20 [INFO] [*.dev1599.mydomain.com] acme: authorization already valid; skipping challenge

Thank you for your hard work maintainers!

Best,
Rafa.

Member

ldez commented Jul 31, 2023

Hello,

I'm not sure I understand: lego already skips authorizations, but to be able to know the state of the authorizations we must call the API to obtain authorizations.

> The main issue I'm facing is renew times. Some of these certificates have about 100 SANs, and due to API rate limits on the DNS provider and DNS propagation I can only do the challenges at a certain pace.

Not sure I understand: do you mean that the renew takes too much time?
What is the link with the DNS rate limits?
Can you provide more details?
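
An added illustration of the reply above, not code from lego or from either commenter: the state of each SAN is only known once its authorization object has been fetched, and only the ones still `pending` need a DNS TXT record. The field names follow the RFC 8555 authorization object; `Authorization`, `Partition` and the `constructedAuthz` bodies are hypothetical names and constructed sample data, and no network call is made.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Authorization holds the RFC 8555 (section 7.1.4) fields needed here.
type Authorization struct {
	Status     string `json:"status"`
	Wildcard   bool   `json:"wildcard"`
	Identifier struct {
		Type  string `json:"type"`
		Value string `json:"value"`
	} `json:"identifier"`
}

// Constructed bodies standing in for what fetching each authorization URL of an order returns.
var constructedAuthz = []string{
	`{"status":"valid","wildcard":true,"identifier":{"type":"dns","value":"dev1594.mydomain.com"}}`,
	`{"status":"valid","wildcard":true,"identifier":{"type":"dns","value":"dev1595.mydomain.com"}}`,
	`{"status":"pending","wildcard":true,"identifier":{"type":"dns","value":"dev1600.mydomain.com"}}`,
}

// Partition splits fetched authorizations into names whose challenge can be
// skipped (already valid) and names that still need a DNS-01 challenge.
func Partition(bodies []string) (skip, pending []string, err error) {
	for _, b := range bodies {
		var a Authorization
		if err = json.Unmarshal([]byte(b), &a); err != nil {
			return nil, nil, err
		}
		name := a.Identifier.Value
		if a.Wildcard { // the identifier value carries no "*." prefix
			name = "*." + name
		}
		switch a.Status {
		case "valid":
			skip = append(skip, name)
		case "pending":
			pending = append(pending, name)
		default: // invalid, deactivated, expired, revoked
			return nil, nil, fmt.Errorf("%s: authorization is %s and cannot be used", name, a.Status)
		}
	}
	return skip, pending, nil
}

func main() {
	skip, pending, err := Partition(constructedAuthz)
	fmt.Println("skip:", skip, "challenge:", pending, "err:", err)
}
```
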

@linsomniac

This comment was marked as off-topic.

@ldez

This comment was marked as off-topic.
