Let max retries exit the CA processing step instead of retryAfter#6587
Let max retries exit the CA processing step instead of retryAfter#6587ignoramous wants to merge 2 commits intoacmesh-official:devfrom
Conversation
MAX_REQUEST_RETRY_TIMES controls no. of retries acme.sh will perform when the CA is processing issue requests. Instead of short-circuiting the entire operation when retryAfter is set to more than 10m (600 seconds), wait for a maximum of 10m and issue a retry. Some CAs, like ZeroSSL, set very high retryAfter.
|
Emitting Even after these changes, a few places with |
|
if the retryafter is too large, it usually means the ca is refusing your requests. so we should give up. |
What I've found with ZeroSSL is, when there are 8+ domains in a single cert request, it takes a while (I've seen it take 10mins). But their |
There was a problem hiding this comment.
Pull request overview
This PR adjusts the retry behavior when the CA server's retry-after value exceeds 600 seconds. Instead of exiting the CA processing step immediately, the code now sleeps for 600 seconds and continues the retry loop, allowing the process to complete more reliably.
- Changed retry-after timeout handling to sleep for 600 seconds instead of exiting immediately
- Upgraded informational messages to error messages for better visibility of retry exhaustion scenarios
- Enhanced error message clarity by including the file path in the domain key error
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| _info "The retryafter=$_retryafter value is too large (> 600); sleeping for 600 seconds." | ||
| _sleep 600 |
There was a problem hiding this comment.
The retry-after handling is now inconsistent between the two locations. At line 2318 in _send_signed_request(), when retry-after exceeds 600, the code logs an error and exits the retry loop. However, at line 5197 in the CA processing step, when retry-after exceeds 600, the code sleeps for 600 seconds and continues retrying. This inconsistency could lead to confusion about the expected behavior. Consider aligning these two behaviors or documenting why they should differ.
| _info "The retryafter=$_retryafter value is too large (> 600); sleeping for 600 seconds." | |
| _sleep 600 | |
| _err "$d: Retry-After value ($_retryafter) is too large (> 600); aborting verification." | |
| _clearupwebbroot "$_currentRoot" "$removelevel" "$token" | |
| _clearup | |
| _on_issue_err "$_post_hook" "$vlist" | |
| return 1 |
| _clearup | ||
| _on_issue_err "$_post_hook" "$vlist" | ||
| return 1 | ||
| _info "The retryafter=$_retryafter value is too large (> 600); sleeping for 600 seconds." |
There was a problem hiding this comment.
The error message uses a semicolon delimiter while the similar error message at line 2318 uses a comma. For consistency across error messages, consider using the same delimiter in both places.
| _info "The retryafter=$_retryafter value is too large (> 600); sleeping for 600 seconds." | |
| _info "The retryafter=$_retryafter value is too large (> 600), sleeping for 600 seconds." |
| continue | ||
| else | ||
| _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." | ||
| _err "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." |
There was a problem hiding this comment.
After logging the error, the code should break out of the loop or return to exit the retry logic. Currently, execution falls through to line 2321 and continues processing other error conditions, which is inconsistent with the error message "will not retry anymore." Consider adding a break or return statement after this error message.
| _err "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." | |
| _err "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." | |
| break |
For background see: