Update generated docs

Keyfactor · Keyfactor · commit d57a526768f2 · 2026-06-10T22:48:33.000Z
diff --git a/README.md b/README.md
@@ -151,6 +151,8 @@ CERTInext operates three separate environments. Use the sandbox environment for
         * **DcvTimeoutMinutes** - OPTIONAL: Maximum minutes to wait for the entire DCV flow (DNS publish + propagation + verify) before timing out the enrollment. Can also be set via the CERTINEXT_DCV_TIMEOUT_MINUTES environment variable; the env var takes precedence when both are set. Default: 10. 
         * **DcvWaitForChallengeSeconds** - OPTIONAL: How long (seconds) the plugin will wait inside Enroll() for CERTInext to expose the DCV challenge (i.e. populate `domainVerification` in TrackOrder). Under concurrent load CERTInext sometimes takes a few seconds after GenerateOrderSSL before the slot appears. Without this wait, the plugin's initial TrackOrder check sees null and skips DCV — the order then has to wait for the next gateway sync cycle to be picked up. Setting to 0 disables the wait (single-check behaviour). Can also be set via the CERTINEXT_DCV_WAIT_FOR_CHALLENGE_SECONDS environment variable; the env var takes precedence when both are set. Default: 60. 
         * **DcvWaitForIssuanceSeconds** - OPTIONAL: How long (seconds) the plugin will wait inside Enroll() after DCV verifies for CERTInext to finish generating the certificate. CERTInext issuance is async — DCV may be verified but the cert PEM isn't yet available for download. Without this wait, Enroll() returns a pending result and the issued cert is picked up by the next sync cycle. Setting to 0 disables the wait (single-fetch behaviour). Can also be set via the CERTINEXT_DCV_WAIT_FOR_ISSUANCE_SECONDS environment variable; the env var takes precedence when both are set. Default: 60. 
+        * **DcvSyncMaxOrderAgeHours** - OPTIONAL: During synchronization, only pending DV orders younger than this many hours are eligible to be driven through DCV. This keeps a sync pass fast when there is a large backlog of old, never-completing pending orders (e.g. abandoned orders or domains outside the configured DNS provider's zone): they age out and are simply reported as pending rather than retried every pass. Recently-placed orders (the ones that legitimately deferred DCV) are always within the window and complete via the normal scan cadence. Set to 0 to disable the age filter (attempt DCV for all pending). Default: 24. 
+        * **DcvSyncMaxPerPass** - OPTIONAL: Maximum number of pending DV orders the plugin will attempt to drive through DCV in a single synchronization pass. Bounds the per-pass cost regardless of backlog size; remaining pending orders are reported as-is and picked up on a later pass (the per-minute incremental scan keeps recent orders moving). Set to 0 to disable the cap. Default: 50. 
 
 2. A Keyfactor Command certificate template maps an enrollment request to a specific CERTInext product. Create one template per CERTInext product that you want to make available to requesters.
 
diff --git a/integration-manifest.json b/integration-manifest.json
@@ -167,7 +167,7 @@
                 },
                 {
                     "name": "DcvSyncMaxOrderAgeHours",
-                    "description": "OPTIONAL: During synchronization, only pending DV orders younger than this many hours are eligible to be driven through DCV. Keeps a sync pass fast when there is a large backlog of old, never-completing pending orders (abandoned orders, or domains outside the configured DNS provider's zone) \u2014 they age out and are reported as pending rather than retried every pass. Recently-placed orders (those that legitimately deferred DCV) are always within the window and complete via the normal scan cadence. Set to 0 to disable the age filter. Default: 24."
+                    "description": "OPTIONAL: During synchronization, only pending DV orders younger than this many hours are eligible to be driven through DCV. This keeps a sync pass fast when there is a large backlog of old, never-completing pending orders (e.g. abandoned orders or domains outside the configured DNS provider's zone): they age out and are simply reported as pending rather than retried every pass. Recently-placed orders (the ones that legitimately deferred DCV) are always within the window and complete via the normal scan cadence. Set to 0 to disable the age filter (attempt DCV for all pending). Default: 24."
                 },
                 {
                     "name": "DcvSyncMaxPerPass",

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@`
`167`	`167`	`},`
`168`	`168`	`{`
`169`	`169`	`"name": "DcvSyncMaxOrderAgeHours",`
`170`		- "description": "OPTIONAL: During synchronization, only pending DV orders younger than this many hours are eligible to be driven through DCV. Keeps a sync pass fast when there is a large backlog of old, never-completing pending orders (abandoned orders, or domains outside the configured DNS provider's zone) \u2014 they age out and are reported as pending rather than retried every pass. Recently-placed orders (those that legitimately deferred DCV) are always within the window and complete via the normal scan cadence. Set to 0 to disable the age filter. Default: 24."
	`170`	+ "description": "OPTIONAL: During synchronization, only pending DV orders younger than this many hours are eligible to be driven through DCV. This keeps a sync pass fast when there is a large backlog of old, never-completing pending orders (e.g. abandoned orders or domains outside the configured DNS provider's zone): they age out and are simply reported as pending rather than retried every pass. Recently-placed orders (the ones that legitimately deferred DCV) are always within the window and complete via the normal scan cadence. Set to 0 to disable the age filter (attempt DCV for all pending). Default: 24."
`171`	`171`	`},`
`172`	`172`	`{`
`173`	`173`	`"name": "DcvSyncMaxPerPass",`