Last Modified: Sep 02, 2025
Affected Product(s):
BIG-IQ ADC
Known Affected Versions:
8.3.0
Opened: May 03, 2025
Severity: 3-Major
When creating or renewing a domain within the LetsEncrypt Third Party CA Management, an error occurs which states:

"Error on server request 1. The system returned an unexpected error (400 Bad Request). Failed to get auth:"

With an instrumented BIG-IQ JAR file, the response from the LetsEncrypt ACME server is shown to be a 503 that includes a 'Retry-After' HTTP header.
When renewing or creating a new domain, BIG-IQ sends a newOrder request that lists all the domains managed in the LetsEncrypt configuration in the request's "identifiers" field. The response that LetsEncrypt sends back contains >= 20 new-nonce URLs. BIG-IQ then sends >= 20 new-nonce requests to the ACME server, and the LetsEncrypt rate limits are reached. See https://letsencrypt.org/docs/rate-limits/.
The number of domains managed within the same LetsEncrypt configuration group is equal to or greater than 20.
Limit the domains managed in a single LetsEncrypt CA Management group to fewer than 20 domains.
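One way to plan that split offline, as an added example that is not F5 code and does not call any BIG-IQ API: it flags groups that meet the condition above and proposes replacement groups of at most 19 domains each. The inventory dictionary, the group names and the case-insensitive de-duplication of domain names are assumptions made for the example.

```python
# Added example: plan a split of oversized LetsEncrypt CA Management groups.
# The inventory dict and group names are constructed; this is not a BIG-IQ API.
MAX_PER_GROUP = 19  # workaround: fewer than 20 domains per group


def normalize(domains):
    """Lower-case, strip trailing dots, drop duplicates, keep first-seen order."""
    seen, out = set(), []
    for d in domains:
        key = d.strip().rstrip(".").lower()
        if key and key not in seen:
            seen.add(key)
            out.append(key)
    return out


def oversized(inventory, limit=MAX_PER_GROUP):
    """Names of groups holding more than `limit` unique domains."""
    return [n for n, d in inventory.items() if len(normalize(d)) > limit]


def plan_groups(inventory, limit=MAX_PER_GROUP):
    """Return {group_name: [domains]} with every group at or under `limit`."""
    plan = {}
    for name, domains in inventory.items():
        unique = normalize(domains)
        if len(unique) <= limit:
            plan[name] = unique
            continue
        # Spread the domains evenly instead of filling each chunk to the limit.
        chunks = -(-len(unique) // limit)   # ceiling division
        size = -(-len(unique) // chunks)    # never exceeds `limit`
        for i in range(chunks):
            plan[f"{name}-{i + 1}"] = unique[i * size:(i + 1) * size]
    return plan


# Constructed sample inventory: one group of 45 names, one small group.
SAMPLE = {
    "le-prod": [f"app{i}.example.com" for i in range(45)],
    "le-lab": ["a.example.net", "A.example.net.", "b.example.net"],
}

if __name__ == "__main__":
    print("oversized:", oversized(SAMPLE))
    for group, names in plan_groups(SAMPLE).items():
        print(group, len(names))
```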
None