Servers SHOULD check that the identified certificate and the New Order request correspond to the same ACME Account, that they share at least one identifier, and that the identified certificate has not already been marked as replaced by a different pending or finalized Order.
Section 5 currently says (emphasis mine):
"pending" is an Order object status, but "finalized" is not.
There are a couple of problems with this language AIUI:
Here are a couple of wordsmithing attempts for your consideration: