Simultaneous waiting for several dns-challenges #59
Comments
Hello @Akkarine. Yes, I understand your concern here: DNS propagation delay is among the most important ones about DNS challenges. There are two synchronous execution logics here that are a problem, and they would be handled differently. The first one is issuing a certificate with several domains in it. This is related to Certbot, the tool used by my Docker to issue Let's Encrypt certificates. Here the problem is that the authentication hook is executed by Certbot sequentially for each domain of a certificate. So the waiting time in the authentication script expands linearly over each certificate. If it is 10 min, and you have 10 domains, the overall time will be 100 min. Solving this has to be done by Certbot developers, but I am one of them, so things could move quite fast here. For instance, here is one PR to add another hook where the wait could be done: certbot/certbot#6607 The second one is asking my Docker to create two certificates (so two lines in Here it is the direct responsibility of my Docker. Indeed, each certificate issuance is done sequentially, and it is quite possible to do that asynchronously. So, what is the situation you are referring to?
Hello @adferrand. It's an accurate description of the problem. Glad you have influence to resolve this =)
So I assume this is the first problem, having multiple domains in one certificate, that you are referring to?
Both. Multiple wildcard domains (one line) and two lines in
First ticket was closed. Discussion has moved to certbot/certbot#5484
I will adapt the logic of dnsrobocert as soon as the new version of certbot is released.
Upcoming version 3.4.0 integrates this feature!
It was released yesterday. Please close this ticket now.
I'm using a DNS provider located far away from Let's Encrypt servers (Yandex). So I have to use a long waiting time, like 12 hours (LEXICON_SLEEP_TIME=43200), to update DNS records. And I need several wildcard domain names. So now it takes 12 hours for each. Could the logic be refactored to start all challenges simultaneously and then wait LEXICON_SLEEP_TIME?
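Added example, not part of the thread and not dnsrobocert's or Certbot's own code: one way a manual authentication hook can publish every challenge record and wait for propagation a single time per certificate. It assumes Certbot's documented hook variables CERTBOT_DOMAIN, CERTBOT_VALIDATION and CERTBOT_REMAINING_CHALLENGES; publish_txt, wait_for_propagation, SLEEP_CMD and RECORD_LOG are hypothetical names.

```shell
#!/bin/sh
# Added example: a --manual-auth-hook that defers the propagation wait.
# Certbot exports CERTBOT_DOMAIN, CERTBOT_VALIDATION and
# CERTBOT_REMAINING_CHALLENGES to the hook; everything else is assumed.

# Hypothetical placeholder: replace the body with the real DNS provider call.
# Here it only appends the record it would create to RECORD_LOG.
publish_txt() {
    printf '_acme-challenge.%s TXT %s\n' "$1" "$2" >> "${RECORD_LOG:-/dev/null}"
}

# Hypothetical helper: SLEEP_CMD lets a dry run swap out the real sleep.
wait_for_propagation() {
    "${SLEEP_CMD:-sleep}" "${LEXICON_SLEEP_TIME:-0}"
}

auth_hook() {
    publish_txt "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" || return 1
    # Certbot calls the hook once per challenge, in sequence. Sleeping on
    # every call costs N * LEXICON_SLEEP_TIME; sleeping only when no
    # challenges remain costs LEXICON_SLEEP_TIME once per certificate.
    if [ "${CERTBOT_REMAINING_CHALLENGES:-0}" -eq 0 ]; then
        wait_for_propagation
    fi
}

# Run as a hook only when Certbot has set the challenge variables.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    auth_hook
fi
```

This only removes the per-domain wait inside one certificate; separate certificates issued one after another still each pay the wait once.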