From 043a622e9d1287404b86041ee0305dee52f36f49 Mon Sep 17 00:00:00 2001
From: ignoramous
Date: Thu, 30 Oct 2025 02:51:20 +0530
Subject: [PATCH] Let max retries exit the CA processing step instead of retryAfter MAX_REQUEST_RETRY_TIMES controls no. of retries acme.sh will perform when the CA is processing issue requests. Instead of short-circuiting the entire operation when retryAfter is set to more than 10m (600 seconds), wait for a maximum of 10m and issue a retry. Some CAs, like ZeroSSL, set very high retryAfter.
---
 acme.sh | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/acme.sh b/acme.sh
index 7caec290..214d1fc7 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2305,7 +2305,7 @@ _send_signed_request() {
 _sleep $_sleep_overload_retry_sec
 continue
 else
- _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore."
+ _err "The retryafter=$_retryafter value is too large (> 600), will not retry anymore."
 fi
 fi
 if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
@@ -2323,7 +2323,7 @@ _send_signed_request() {
 fi
 return 0
 done
- _info "Giving up sending to CA server after $MAX_REQUEST_RETRY_TIMES retries."
+ _err "Giving up sending to CA server after $MAX_REQUEST_RETRY_TIMES retries."
 return 1
 }
@@ -5170,11 +5170,8 @@ $_authorizations_map"
 if [ $_sleep_overload_retry_sec -le 600 ]; then
 _sleep $_sleep_overload_retry_sec
 else
- _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore."
- _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
- _clearup
- _on_issue_err "$_post_hook" "$vlist"
- return 1
+ _info "The retryafter=$_retryafter value is too large (> 600); sleeping for 600 seconds."
+ _sleep 600
 fi
 fi
 done
@@ -6322,7 +6319,7 @@ revoke() {
 fi
 fi
 else
- _info "Domain key file doesn't exist."
+ _err "Domain key file $CERT_KEY_PATH doesn't exist."
 fi
 return 1
 }
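Review bot: The `else` branch in `_send_signed_request` still stops retrying when `$_retryafter` exceeds 600, while the issue loop changed at -5170 now caps the wait at 600 seconds and tries again, so the same CA behaviour is handled two different ways. The commit message describes the cap-and-retry policy; if it is meant to apply here as well, the branch should become `_sleep 600` followed by `continue`. If failing fast here is intended, a comment such as `# signed requests never wait longer than 600s for a Retry-After; fall through and let the caller handle the response` would make the difference read as deliberate. The rest of the retry loop lies outside the hunk, so what happens after the fall-through could not be checked.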
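Review bot: With `_clearupwebbroot`, `_clearup`, `_on_issue_err` and `return 1` removed from this `else` branch, whatever now ends the loop (presumably the max-retry counter, which is outside the hunk) has to run that same cleanup. Otherwise a CA that keeps answering with a large Retry-After leaves the challenge state in place and the post-hook uncalled when the attempt is abandoned. The branch is also reached when the `-le` test itself fails, for example on an empty or non-numeric `$_sleep_overload_retry_sec`, and the message then reports a value that was never compared. I would log the variable that is actually tested and name the bound, e.g. `_info "Retry-After ($_sleep_overload_retry_sec) is not usable or exceeds 600; sleeping 600 seconds, bounded by MAX_REQUEST_RETRY_TIMES."`, once the loop bound has been confirmed.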