Process for handling retries for failed certificate generation

If generating a certificate fails, e.g. a DNS challenge fails after tls.automation.policies.issuers.challenges.dns.provider.max_retries, is the domain then in a permanent state without an SSL certificate, or what would trigger Caddy to try again? Can we trigger a retry using the API (if the config hasn't changed)?

Looking at the API docs I don't see anything specific for this but did see the must-revalidate option - would this kind of reload cause Caddy to retry fetching missing certs?

If the new config is the same as the current one, no reload will occur. To force a reload, set Cache-Control: must-revalidate in the request headers.
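The forced reload described in that quoted doc passage, as an added example (not code from the thread or from the Caddy project): it POSTs the current JSON config to the admin API's /load endpoint with the Cache-Control: must-revalidate header so Caddy re-applies an unchanged config. The admin address (the default localhost:2019) and the config file path are placeholders; the curl flags and the /load endpoint are Caddy's real admin API.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Force Caddy to re-apply its current JSON config via the admin API.
# Assumptions: admin endpoint at the default http://localhost:2019
# (override with CADDY_ADMIN) and the config saved in a local JSON file.

ADMIN="${CADDY_ADMIN:-http://localhost:2019}"

# Print the exact curl invocation for a forced reload. Kept as a separate
# function so the request shape can be inspected without a running Caddy.
build_reload_cmd() {
  admin="$1"
  config="$2"
  printf 'curl -sS -o /dev/null -w %%{http_code} -X POST -H "Content-Type: application/json" -H "Cache-Control: must-revalidate" --data-binary @%s %s/load\n' \
    "$config" "$admin"
}

# Perform the forced reload. Returns 0 only when the admin API accepted the
# config (HTTP 200); any other status, or a connection failure, returns 1.
force_reload() {
  admin="$1"
  config="$2"
  code=$(curl -sS -o /dev/null -w '%{http_code}' -X POST \
    -H "Content-Type: application/json" \
    -H "Cache-Control: must-revalidate" \
    --data-binary "@$config" "$admin/load") || return 1
  [ "$code" = "200" ]
}

# Usage against a live instance (placeholder path):
#   force_reload "$ADMIN" /etc/caddy/caddy.json && echo "reload accepted"
```

Without the Cache-Control header the same POST is a no-op when the body matches the running config, which is why the header is the part to check for when this script is adapted.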

max_retries isn’t a Caddy/CertMagic thing. I’m not sure where you got that from. It’s not here: JSON Config Structure - Caddy Documentation. What DNS provider plugin are you using?

Caddy will continually retry to issue a cert for up to 30 days, with exponential backoff, as per the docs here: Automatic HTTPS — Caddy Documentation

Right, so to clarify as Francis said, max_retries sounds like something specific to your DNS provider, given that pseudo-path in a JSON config structure (“… .dns.provider.max_retries”) – I’m also not quite sure what you’re asking or talking about since we don’t know which DNS provider you are referring to. It is likely a feature in a separate plugin that we don’t have anything to do with (other than making it available on our site for download).
