Order's status (\"invalid\") is not acceptable for finalization

JonahGroendal / acme-easy

An ACME client for the browser that authenticates via DNS-01 challenge and supports LetsEncrypt by default.

https://www.npmjs.com/package/acme-easy

MIT License

2 stars 1 forks source link

Order's status (\"invalid\") is not acceptable for finalization #12

Closed maielo closed 1 year ago

maielo commented 1 year ago

Hello,

First thanks for the lib :). Toying around ssl certs and it really helped. But for some reason i can't finalize the dns validation

run first part as it is in example.
using API updates vercels dns record with supplied values.
waiting ~10 mins for DNS to propagate.
submitDnsChallengeAndFinalize & it fails

Error: {"type":"urn:ietf:params:acme:error:orderNotReady","detail":"Order's status (\"invalid\") is not acceptable for finalization","status":403}

don't know why. It fails at postOrderFinalize. (dns record exists, server is not yet accessible tho)

JonahGroendal commented 1 year ago

Hey, glad it's been helpful.

In my experience, this usually means you didn't wait long enough after setting the DNS record. 10 minutes is what I needed on Google DNS but other hosts might be different. Have you tried waiting longer? Otherwise maybe your DNS record wasn't set correctly.

If waiting longer doesn't work I'll give it a try myself to make sure the library isn't broken

JonahGroendal commented 1 year ago

Looks like Lets Encrypt's staging environment is currently down so that could be the issue

JonahGroendal commented 1 year ago

It seems to be working fine for me. I've updated the package to fix an issue with expiring replay nonces. Please update to 1.1.2 and try waiting ~30 mins after creating the DNS record

maielo commented 1 year ago

Thanks!

just tested it and it works. Also my issiue was that record name per acme _acme- but it actually needs to be _acme-.