Large Number of Domains Not Getting Certificates

We imported about 2000 domains using the csv import. Some of them weren’t setup correctly in IIS when we first did they import, so they failed to get a certificate a couple times. The app doesn’t seem to be retrying those anymore. It has been a couple weeks since we did the import. You can go to individual sites and click the button and the certificate is created correctly. If I click “Renew All” or use the command line “certify renew” it just goes through all the sites that already have certificates and says they don’t need to be done because they aren’t expired. About 600 of the sites have certificates now, but there are still 1400 that don’t.

Is there some other way to make it start retrying all these again? Does it have something to do with the large number of sites?

Thank you.

Hi Matt,
When a renewal fails we gradual retry less frequently and eventually fallback to trying every 48 hrs and this should be in order of the oldest date last renewed (or items never renewed).

However, internally we will attempt a maximum of 50 renewals per batch. So if they all fail then these will be the same ones we attempt next time which could end up in a loop.

From your description though it sounds like there is some other limiting factor in the logic. Could you send through some log files and a copy of your C:\ProgramData\Certify\manageditems.db to to support at I can use that to test/debug.

With imports I’d recommend doing them in smaller batches (up to 300), importing the next batch once the first batch is working. I’ll add that to the docs.