Improvement: Retry logic #516

Open
opened 2025-12-29 01:26:36 +01:00 by adam · 1 comment
Owner

Originally created by @lukas2511 on GitHub (Dec 10, 2020).

Dehydrated currently doesn't have retry logic and just aborts after a single failure (or just continues with the next certificate).

There have been several tickets about this issue; this one should consolidate those tickets and serve as a reference point for future quick-closes.


@Exagone313 commented on GitHub (Jun 11, 2021):

I've had an issue for a while (a few months) where dehydrated fails to renew the certificates due to issues with Let's Encrypt's own DNS resolver, which randomly fails to resolve CAA records (even for top-level domains sometimes).

The definitive fix is implementing retry logic. This is not something I would write naively; it needs at the very least to be considerate of rate limits.

Here is a partial result output, so that this issue appears in searches.

```json
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "During secondary validation: DNS problem: query timed out looking up CAA for xyz",
    "status": 400
  }
}
```

The workaround I have is to run dehydrated more often than before, hoping a next run will have more luck.
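
A sketch of the rate-limit-aware retry discussed in this thread, added here as an example; it is not dehydrated code and not from either poster. It assumes the wrapped command prints the ACME error object (as in the output above) on failure; the function names, the `SLEEP` override and the attempt/delay values are hypothetical.

```shell
#!/bin/sh
# Added example (not dehydrated code): retry keyed on the ACME error type.

# Read client output on stdin; print "retry" for transient ACME errors, else "fatal".
acme_error_class() {
  local t
  t=$(grep -o 'urn:ietf:params:acme:error:[A-Za-z]*' | head -n 1)
  case "${t##*:}" in
    dns|connection|serverInternal) echo retry ;;  # resolver, network or CA-side faults
    *) echo fatal ;;  # rateLimited, caa, unauthorized, no ACME error: do not retry
  esac
}

# backoff_delay ATTEMPT BASE CAP -> seconds: BASE * 2^(ATTEMPT-1), capped at CAP.
backoff_delay() {
  local d=$(( $2 << ($1 - 1) ))
  if [ "$d" -gt "$3" ]; then d=$3; fi
  echo "$d"
}

# retry_acme MAX_ATTEMPTS BASE CAP CMD [ARGS...]
# Returns 0 on success, 1 on a non-retryable error, 2 when attempts are exhausted.
# Keep MAX_ATTEMPTS small so failed validations stay below the CA's rate limits.
retry_acme() {
  local max=$1 base=$2 cap=$3 attempt=1 out
  shift 3
  while :; do
    if out=$("$@" 2>&1); then
      printf '%s\n' "$out"
      return 0
    fi
    printf '%s\n' "$out" >&2
    [ "$(printf '%s' "$out" | acme_error_class)" = retry ] || return 1
    [ "$attempt" -lt "$max" ] || return 2
    # SLEEP is a hypothetical override so the loop can be exercised without waiting.
    ${SLEEP:-sleep} "$(backoff_delay "$attempt" "$base" "$cap")"
    attempt=$((attempt + 1))
  done
}

# Constructed usage: at most 3 attempts, waiting 300s then 600s between them.
#   retry_acme 3 300 1800 dehydrated --cron
```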


Reference: starred/dehydrated#516