New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Status remains at 'processing' #3406
Comments
Hi @hsleisink, Thanks for sharing your logs. Having read those I can confirm this is a duplicate of #3403 In the first log you POST the finalization URL of the order when both authorizations (and the order) are status pending. This produces a 403 In the second log I don't see the challenge response being registered but you can see both authorizations listed in the order are status valid:
and
In that second case since both authorizations are valid at the time you finalize the order, the finalization succeeds.
Can you quote which part of the RFC makes you think you should finalize the order before checking the authorizations associated with it are valid? That's not true and I believe the spec makes multiple references to the fact that you should not finalize the order until you have authorized each of the identifiers by completing the order's pending authorizations. I'm going to close this issue for now since I've confirmed it as a dupe of #3403. Thanks! |
The table at the top of page 18 at https://tools.ietf.org/html/draft-ietf-acme-acme-09 says 'finalize order' before 'polling for status'. |
@hsleisink Yes, but "finalize order" is after "Respond to challenge". The polling it mentions would be better phrased as "Poll for Order Status and Certificate URL" - the intention is that you're polling for the transition from "processing" to "valid" and the appearance of the certificate URL. You absolutely must respond to the order's authorization challenges successfully before finalization. |
Ok, so we have two polling fases. One for the authorizations and one for the creation of the certificate? |
Yes. You need to make sure the order is fully authorized before POSTing finalize. Doing otherwise shouldn't leave the order stuck in processing (that will be fixed) but it will always return an unauthorized error if any of the authorizations are not valid. |
Ok, got it. Thanks. The documentation was not really clear on that to me. I found the RFC very hard to read and understand. But that's a different story. I know enough to solve my issue. Thanks! |
@hsleisink Great! Glad to hear it. I'm hoping to ship #3404 to fix the processing bug shortly.
If you're interested I think feedback on which aspects you found hardest to understand would be welcome as a new issue on the ACME draft repository or as a new mailing list thread. There's still time for editorial work to make things clearer. |
As requested in this topic, I created some logs to solve this issue.
In the logfiles, you see an URL, followed by a payload array, followed by an array containing the response from the server.
The text was updated successfully, but these errors were encountered: