Increase default network timeout to 30 seconds

2025-08-16 10:25:32 +02:00 · 2025-08-16 10:25:32 +02:00 · dc7182ca1f
parent 294d977757
commit dc7182ca1f
6 changed files with 8 additions and 4 deletions
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/NetworkSettings.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/NetworkSettings.java
@ -35,7 +35,7 @@ public class NetworkSettings {
    public static final String GZIP_PROPERTY_NAME = "org.shredzone.acme4j.gzip_compression";

    private ProxySelector proxySelector = HttpClient.Builder.NO_PROXY;
-    private Duration timeout = Duration.ofSeconds(10);
+    private Duration timeout = Duration.ofSeconds(30);
    private @Nullable Authenticator authenticator = null;
    private boolean compression = true;

--- a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/NetworkSettingsTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/NetworkSettingsTest.java
@ -45,7 +45,7 @@ public class NetworkSettingsTest {
        settings.setProxySelector(null);
        assertThat(settings.getProxySelector()).isEqualTo(HttpClient.Builder.NO_PROXY);

-        assertThat(settings.getTimeout()).isEqualTo(Duration.ofSeconds(10));
+        assertThat(settings.getTimeout()).isEqualTo(Duration.ofSeconds(30));
        settings.setTimeout(Duration.ofMillis(5120));
        assertThat(settings.getTimeout()).isEqualTo(Duration.ofMillis(5120));

--- a/src/doc/docs/ca/zerossl.md
+++ b/src/doc/docs/ca/zerossl.md
@ -15,7 +15,7 @@ ZeroSSL does not provide a staging server (as of February 2024).
 * ZeroSSL requires account creation with [key identifier](../usage/account.md#external-account-binding).
 * ZeroSSL makes use of the retry-after header, so expect that the `fetch()` methods return an `Instant`, and wait until this moment has passed (see [example](../example.md)).
 * Certificate creation can take a considerable amount of time (up to 24h). The retry-after header still gives a short retry period, resulting in a very high number of status update reattempts.
-* Server response can be very slow sometimes. It is recommended to set a timeout of 30 seconds or higher in the [network settings](../usage/advanced.md#network-settings).
+* Server response can be very slow sometimes. If there are frequent timeouts, you can increase the duration in the [network settings](../usage/advanced.md#network-settings).

 !!! note
    If you have used the [example code](../example.md) of _acme4j_ before version 3.2.0, please review the updated example for how to use ZeroSSL with _acme4j_.
--- a/src/doc/docs/migration.md
+++ b/src/doc/docs/migration.md
@ -7,6 +7,7 @@ This document will help you migrate your code to the latest _acme4j_ version.
 - Removed all methods that were marked as deprecated.
 - _acme4j_ requires JRE 17 or higher now.
 - In order to keep the API consistent, the static method `Dns01Challenge.toRRName()` is replaced with a class method `Dns01Challenge.getRRName()`. So all you have to do is to invoke `challenge.getRRName()` instead of `Dns01Challenge.toRRName()`.
+- Default network timeout has been increased from 10 seconds to 30 seconds. If you require short timeouts, you can change the duration in the [network settings](usage/advanced.md#network-settings).

 ## Migration to Version 3.5.0

--- a/src/doc/docs/usage/advanced.md
+++ b/src/doc/docs/usage/advanced.md
@ -76,6 +76,6 @@ To select another language, use `Session.setLocale()`. The change will only affe
 You can use `Session.networkSettings()` to change some network parameters for the session.

 * If a proxy must be used for internet connections, you can set a `ProxySelector` instance via `setProxySelector()`.
-* To change network timeouts, use `setTimeout()`. The default timeout is 10 seconds. You can either increase the timeout for poor network connections, or reduce it to fail early on network errors. The change affects connection and read timeouts.
+* To change network timeouts, use `setTimeout()`. The default timeout is 30 seconds. You can either increase the timeout for poor network connections, or reduce it to fail early on network errors. The change affects connection and read timeouts.
 * If you need authentication (e.g. for the proxy), you can set an `Authenticator` via `setAuthenticator()`. Be careful here! Most code snippets I have found on the internet will send out the full proxy credentials to anyone who is asking. You should check `Authenticator.getRequestorType()` and make sure it is `RequestorType.PROXY` before sending the proxy credentials.
 * _acme4j_ accepts HTTP `gzip` compression by default. If it should impede debugging, it can be disabled via `setCompressionEnabled(false)`.
--- a/src/doc/docs/usage/order.md
+++ b/src/doc/docs/usage/order.md
@ -121,6 +121,9 @@ It depends on the CA if other CSR properties (like _Organization_, _Organization

 You can also create a custom CSR, and pass it to the order with either `execute(PKCS10CertificationRequest csr)` or `execute(byte[] csr)`.

+!!! note
+    Some CAs may take a considerable amount of time (30 seconds or more) for finalizing an order. As this call is synchronous, be prepared that the process is blocked for that time. If you experience frequent timeouts with your CA, you can increase the timeout duration in the [network settings](advanced.md#network-settings).
+
 !!! note
    According to RFC-8555, the correct technical term is _finalization_ of an order. However, Java has a method called `Object.finalize()` which is problematic and should not be used. To avoid confusion with that method, the finalization methods are intentionally called `execute` in _acme4j_.