Cant renew: too many currently pending authorization #200
Description
Hi,
Im running the letscenrypt extension on 1 of our servers. Ik have 2 subscriptions with each 230 domains. Last week 350 domains got renewed by the cron, but the last 150 have the "pending authorization" error.
When i look in /var/log/plesk/panel.log i see this error:
[2018-05-30 07:29:49.693] INFO [extension/letsencrypt] Renew certificate of domain 'doetinchemslotenmaker.nl': the certificate will expire in less than 30 days at 2018-06-25...
[2018-05-30 07:29:49.696] INFO [extension/letsencrypt] Register to ACME server 'https://acme-v01.api.letsencrypt.org/directory' using e-mail 'ict@allfree.nl'
[2018-05-30 07:29:49.696] INFO [extension/letsencrypt] Validate ACME server using custom CA bundle: '/opt/psa/admin/plib/modules/letsencrypt/resources/ca/cacert.pem'.
[2018-05-30 07:29:49.696] DEBUG [extension/letsencrypt] Use existing registration from /opt/psa/var/modules/letsencrypt/registrations/195e649f02aed31a83540d908567b6ec99b5e443.json
[2018-05-30 07:29:49.696] INFO [extension/letsencrypt] Begin validation for domains: doetinchemslotenmaker.nl, www.doetinchemslotenmaker.nl, webmail.doetinchemslotenmaker.nl...
[2018-05-30 07:29:50.117] ERR [extension/letsencrypt] Domain validation failed for doetinchemslotenmaker.nl: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-authz.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new authz :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/
[2018-05-30 07:29:50.117] DEBUG [extension/letsencrypt] PleskExt\Letsencrypt\Acme\Exception\BadResponseException: Invalid response from https://acme-v01.api.letsencrypt.org/acme/new-authz.
Details:
Type: urn:acme:error:rateLimited
Status: 429
Detail: Error creating new authz :: too many currently pending authorizations: see https://letsencrypt.org/docs/rate-limits/
file: /opt/psa/admin/plib/modules/letsencrypt/library/Acme/Exception/BadResponseException.php
line: 38
code: 0
trace: #0 /opt/psa/admin/plib/modules/letsencrypt/library/Acme/Challenge.php(140): PleskExt\Letsencrypt\Acme\Exception\BadResponseException::create(object of type GuzzleHttp\Psr7\Response)
#1 /opt/psa/admin/plib/modules/letsencrypt/library/Acme/Challenge.php(35): PleskExt\Letsencrypt\Acme\Challenge->requestChallenges(string 'doetinchemslotenmaker.nl')
#2 /opt/psa/admin/plib/modules/letsencrypt/library/DomainValidation/AcmeDomainValidator.php(65): PleskExt\Letsencrypt\Acme\Challenge->solve(object of type PleskExt\Letsencrypt\ChallengeSolver\DomainDocRootHttpSolver, boolean false)
#3 /opt/psa/admin/plib/modules/letsencrypt/library/DomainValidation/AcmeDomainValidationTask.php(96): PleskExt\Letsencrypt\DomainValidation\AcmeDomainValidator->validateDomain(string 'doetinchemslotenmaker.nl')
#4 /opt/psa/admin/plib/modules/letsencrypt/library/Acme.php(226): PleskExt\Letsencrypt\DomainValidation\AcmeDomainValidationTask->run()
#5 /opt/psa/admin/plib/modules/letsencrypt/library/Acme.php(386): PleskExt\Letsencrypt\Acme->provideCertificate(array, object of type PleskExt\Letsencrypt\AcmeCertOrderContext, object of type PleskExt\Letsencrypt\ChallengeFailed\SkipChallengeFailedStrategy, object of type PleskExt\Letsencrypt\CertificateIssuance\CertSubjectsValidatorRequireNothing, array)
#6 /opt/psa/admin/plib/modules/letsencrypt/library/KeepSecured/KeepSecuredService.php(396): PleskExt\Letsencrypt\Acme->secureDomainAutomatically(string 'ict@allfree.nl', object of type PleskExt\Letsencrypt\Bridge\Domain, array, object of type PleskExt\Letsencrypt\CertificateIssuance\CertSubjectsValidatorRequireNothing, boolean true, boolean true, boolean false, boolean false)
#7 /opt/psa/admin/plib/modules/letsencrypt/library/KeepSecured/KeepSecuredService.php(255): PleskExt\Letsencrypt\KeepSecured\KeepSecuredService->renewDomainCertificate(object of type PleskExt\Letsencrypt\KeepSecured\KeepSecuredNotifier, string 'doetinchemslotenmaker.nl', object of type PleskExt\Letsencrypt\Bridge\Certificate, object of type DateTime, integer '30', boolean true, boolean false, boolean false)
#8 /opt/psa/admin/plib/modules/letsencrypt/library/KeepSecured/KeepSecuredService.php(134): PleskExt\Letsencrypt\KeepSecured\KeepSecuredService->renewDomainsCertificates(object of type PleskExt\Letsencrypt\KeepSecured\KeepSecuredNotifier)
#9 /opt/psa/admin/plib/modules/letsencrypt/library/KeepSecured/KeepSecuredService.php(90): PleskExt\Letsencrypt\KeepSecured\KeepSecuredService->renewCertificates(object of type PleskExt\Letsencrypt\KeepSecured\KeepSecuredNotifier)
#10 /opt/psa/admin/plib/modules/letsencrypt/scripts/keep-secured.php(19): PleskExt\Letsencrypt\KeepSecured\KeepSecuredService->keepAllSecured()
The strange thing is that i see this error block with this domain a serveral times. So i think it tries to renew more then once? Can someone explain how i can fix this? I also read about "Clearing pending authorizations", but when you do that, you probably first should fix bad behaviour of a buggy client.
And how does "Clearing pending authorizations" work?
Thanks!