ACME-Server-ADCS

Challenge Validation and Issuance Timing

Open rebortg opened this issue 11 months ago • 3 comments

Hey,

I am trying to get certificates with Traefik and its ACME provider. They have a hardcoded 30 sec timeout. My installation takes between 40 and 60 sec. to successfully roll out a certificate.

Is this time "normal" or should I debug my infrastructure? And if yes, which parts should I look at? The web server for the ACME service or the issuing CA? The servers are all on the same switch, so there is also no delay on the wire.

rebortg, Apr 03 '24 21:04

The implementation of validating the challenge is timer based. The server will essentially check every minute whether there is something to do.

You can reduce the polling intervals via the config file (see here https://github.com/glatzert/ACME-Server-ADCS/blob/main/src/ACME.Server.ADCS/appsettings-sample.json)

Also, it'd probably be a good enhancement to "real time validate" if possible.

glatzert, Apr 03 '24 21:04

This worked like a charm, thank you very much for the quick response.

rebortg, Apr 04 '24 06:04

I'm using this to track "real-time issuance".

The plan would be to implement a channel (producer / consumer pattern implementation in .NET) that automatically adds orders to validation and issuance respectively. A "backup" is needed in case the server restarts, to pick up orders that have not yet been validated or issued (depending on their state).

glatzert, Apr 04 '24 06:04
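
The channel-plus-backup plan described in the comment above, as an added C# sketch that is not code from ACME-Server-ADCS or its author. `OrderStore`, `OrderPipeline` and the three-value `OrderState` are hypothetical names, and challenge validation and the CA request are reduced to state transitions so the queueing and restart recovery stay in view.

```csharp
// Added sketch; every type and member name is hypothetical, not ACME-Server-ADCS code.
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Threading;
using System.Threading.Channels;
using System.Threading.Tasks;

enum OrderState { Pending, Validated, Issued }
// Stand-in for the persistent order store: the store, not the channel, is the source of truth.
class OrderStore
{
    private readonly ConcurrentDictionary<string, OrderState> _orders = new();
    public void Save(string id, OrderState state) => _orders[id] = state;
    public OrderState Get(string id) => _orders[id];
    public string[] Unfinished() => _orders.Where(o => o.Value != OrderState.Issued).Select(o => o.Key).ToArray();
}
class OrderPipeline
{
    private readonly Channel<string> _work = Channel.CreateUnbounded<string>();
    private readonly OrderStore _store;
    public OrderPipeline(OrderStore store) => _store = store;
    // Producer: called as soon as a client answers a challenge, instead of waiting for a timer tick.
    public void Enqueue(string orderId) => _work.Writer.TryWrite(orderId);
    // The "backup": a restart empties the in-memory channel, so unfinished orders are re-queued from the store.
    public void RecoverAfterRestart() { foreach (var id in _store.Unfinished()) Enqueue(id); }
    // Consumer: advances each order one step, chosen by its persisted state.
    public async Task RunAsync(CancellationToken ct)
    {
        await foreach (var id in _work.Reader.ReadAllAsync(ct))
        {
            var state = _store.Get(id);
            // Pending: challenge validation would run here, then the order is queued again for issuance.
            if (state == OrderState.Pending) { _store.Save(id, OrderState.Validated); Enqueue(id); }
            // Validated: the certificate request to the CA would run here.
            else if (state == OrderState.Validated) _store.Save(id, OrderState.Issued);
        }
    }
}
static class Program
{
    static async Task Main()
    {
        var store = new OrderStore(); // constructed sample state, as if left behind by a previous run
        store.Save("order-1", OrderState.Pending); store.Save("order-2", OrderState.Validated);
        var pipeline = new OrderPipeline(store);
        pipeline.RecoverAfterRestart();
        using var cts = new CancellationTokenSource(TimeSpan.FromMilliseconds(500));
        try { await pipeline.RunAsync(cts.Token); } catch (OperationCanceledException) { }
        Console.WriteLine(store.Get("order-1") + " " + store.Get("order-2"));
    }
}
```

The state is saved before an order is queued again, so a crash between the two steps leaves it discoverable by `RecoverAfterRestart` rather than lost with the channel.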