attested_tls::AttestedCertifcateResolver periodically generates a new attested certificate - that is, a new attestation and a TLS certificate with the attestation embedded as an extension.
If the renewal fails for whatever reason, it will wait and then retry periodically. The wait before retrying is currently configured to 30 seconds.
We could introduce an exponential backoff on the retry delay, truncated to some maximum duration.
For context, the most likely thing to fail during certificate renewal is the attestation generation. The other error paths are related to signing or processing the certificate and keypair, and unlikely to fail unless something is very wrong.
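A sketch of the truncated exponential backoff proposed above, as an added example and not code from the attested_tls crate. `RenewalBackoff`, `renew_with_backoff` and the 480-second cap are hypothetical; only the 30-second base delay comes from the text above, and the sleep function is passed in so the loop can be exercised without waiting.

```rust
use std::time::Duration;

/// Truncated exponential backoff: delay = min(base * 2^failures, max).
/// Hypothetical type, not part of the attested_tls API.
#[derive(Debug, Clone)]
pub struct RenewalBackoff {
    base: Duration,
    max: Duration,
    failures: u32,
}

impl RenewalBackoff {
    pub fn new(base: Duration, max: Duration) -> Self {
        Self { base, max, failures: 0 }
    }

    /// Delay to wait after the failure just observed; advances the counter.
    pub fn next_delay(&mut self) -> Duration {
        // checked_shl guards against a shift of 32 or more; checked_mul guards
        // against Duration overflow. Both fall back to the cap.
        let factor = 1u32.checked_shl(self.failures).unwrap_or(u32::MAX);
        let delay = self.base.checked_mul(factor).unwrap_or(self.max).min(self.max);
        self.failures = self.failures.saturating_add(1);
        delay
    }

    /// Call after a successful renewal so the next failure starts at `base`.
    pub fn reset(&mut self) {
        self.failures = 0;
    }
}

/// Retries `renew` until it succeeds and returns the delays that were slept.
/// `renew` stands in for the attestation + certificate generation step.
pub fn renew_with_backoff<E>(
    backoff: &mut RenewalBackoff,
    mut renew: impl FnMut() -> Result<(), E>,
    mut sleep: impl FnMut(Duration),
) -> Vec<Duration> {
    let mut waited = Vec::new();
    while renew().is_err() {
        let delay = backoff.next_delay();
        waited.push(delay);
        sleep(delay);
    }
    backoff.reset();
    waited
}
```

Because the certificate being served keeps ageing while renewal fails, the cap should stay well below the remaining validity of the current attested certificate.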