
lego ignores retry-after timer included in order polling response

Open grindsa opened this issue 4 years ago • 0 comments

Welcome

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.

How do you use lego?

Binary

Detailed Description

Hi,

I am using lego to test a non-Let's Encrypt server implementation.

The platform is Ubuntu 18.04; I am using your lego 4.6.0 binary.

Certificate enrolment works except for situations in which certificate issuance gets delayed by the CA server. In such a case my acme-proxy will set the status of the order resource to “processing”, return a “Retry-After” header as part of the response to the client, and expect the client to send a new polling request after this period (as described in RFC 8555 section 7.4).

Based on my logs I see that lego ignores the "Retry-After" timer and polls the order resource at a 0.5-second interval for 30 seconds. If the CA server does not issue a certificate within this period, the certificate enrolment will fail.

I know that the timeout can be adjusted by setting the --cert.timeout flag, but do you see any chance to set the polling interval based on the retry-after value?

Thank you for your help and have a nice day. /GrindSa

grindsa, Feb 23 '22 20:02
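The polling behaviour requested in this issue, sketched as an added example (not part of the original report and not lego's code): an ACME client derives its next poll delay from the `Retry-After` header of a "processing" order response. The names `retryAfterDelay`, `pollOrder`, `minWait` and `maxWait`, and the clamp values, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// Assumed bounds for this example; not lego's actual values.
const minWait, maxWait = 500 * time.Millisecond, 5 * time.Minute

// retryAfterDelay maps Retry-After (delta-seconds or HTTP-date) to a delay in [minWait, maxWait].
func retryAfterDelay(h http.Header, now time.Time) time.Duration {
	v, d := h.Get("Retry-After"), minWait
	// bitSize 31 rejects negatives and keeps secs*time.Second inside int64.
	if secs, err := strconv.ParseUint(v, 10, 31); err == nil {
		d = time.Duration(secs) * time.Second
	} else if t, err := http.ParseTime(v); err == nil {
		d = t.Sub(now)
	}
	if d < minWait { // absent, malformed, zero or already-past values
		return minWait
	}
	if d > maxWait { // a server cannot park the client indefinitely
		return maxWait
	}
	return d
}

// pollOrder polls until the order leaves "processing" or the next wait would exceed timeout.
func pollOrder(fetch func() (string, http.Header), sleep func(time.Duration), timeout time.Duration) (string, int) {
	var waited time.Duration
	for polls := 1; ; polls++ {
		status, h := fetch()
		d := retryAfterDelay(h, time.Now())
		if status != "processing" || waited+d > timeout {
			return status, polls
		}
		sleep(d)
		waited += d
	}
}

func main() {
	// Constructed header, as sent with a "processing" order.
	h := http.Header{"Retry-After": {"10"}}
	fmt.Println(retryAfterDelay(h, time.Now()))
}
```

The upper clamp matters because the header is server-controlled: without it, a misbehaving or hostile CA endpoint could stall the client for an arbitrary time.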