Order status invalid #5

Closed
bhoeferlin opened this issue Dec 6, 2021 · 5 comments

@bhoeferlin

I always get this error: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization at finalizeOrder. Certbot with the same ports as standalone works fine, and the Spring Boot app delivers at port 80. Any suggestions?

@valb3r
Owner

valb3r commented Dec 6, 2021

@bhoeferlin Quite hard to tell. It can be, e.g., that you haven't accepted the LetsEncrypt Terms of Service in case it is a new keystore; there should be a message in the logs indicating that. Are there any log messages from the library available? They may indicate the reason.

I'll improve logging to provide more information later on weekends

@valb3r valb3r added the bug label Dec 6, 2021
@valb3r
Owner

valb3r commented Dec 7, 2021

I've created a test VM+domain with the https://github.com/valb3r/letsencrypt-helper/tree/master/example application and it works perfectly, so it is not some obvious bug.
Meanwhile, can it be an application configuration issue?
Order's status ("invalid") is always reproducible when lets-encrypt-helper.domain has the wrong value (i.e. not your own domain).

Example logs when domain is incorrect:

2021-12-07 07:28:56.915  INFO 2073 --- [           main] example.SpringBootApp                    : Starting SpringBootApp on letsencrypt-test with PID 2073 (/home/root/letsencrypt-helper-example-0.1.3-SNAPSHOT.jar started by root in /home/root)
2021-12-07 07:28:56.928  INFO 2073 --- [           main] example.SpringBootApp                    : No active profile set, falling back to default profiles: default
2021-12-07 07:29:03.621  INFO 2073 --- [           main] lKnownLetsEncryptChallengeEndpointConfig : Created basic (dummy cert, real account/domain keys) KeyStore: /home/root/letsencrypt-keystore
2021-12-07 07:29:04.101  INFO 2073 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 443 (https) 80 (http)
2021-12-07 07:29:04.238  INFO 2073 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2021-12-07 07:29:04.244  INFO 2073 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.38]
2021-12-07 07:29:04.806  INFO 2073 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2021-12-07 07:29:04.831  INFO 2073 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 7714 ms
2021-12-07 07:29:06.071  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:29:07.132  INFO 2073 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2021-12-07 07:29:08.603  INFO 2073 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 443 (https) 80 (http) with context path ''
2021-12-07 07:29:08.631  INFO 2073 --- [           main] example.SpringBootApp                    : Started SpringBootApp in 13.301 seconds (JVM running for 14.964)
2021-12-07 07:29:09.265  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:29:13.007  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:29:13.497  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null

org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

2021-12-07 07:29:13.499  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore

java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	... 3 common frames omitted

2021-12-07 07:30:14.085  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Please review carefully and accept TOS https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2021-12-07 07:30:16.139  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Starting order challenges
2021-12-07 07:30:19.737  INFO 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Completed order challenges
2021-12-07 07:30:20.166  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed order execution: null

org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

2021-12-07 07:30:20.168  WARN 2073 --- [ificate Watcher] lKnownLetsEncryptChallengeEndpointConfig : Failed updating KeyStore

java.lang.RuntimeException: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:429) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.executeCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:327) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.letsEncryptCheckCertValidityAndRotateIfNeeded(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:299) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: org.shredzone.acme4j.exception.AcmeServerException: Order's status ("invalid") is not acceptable for finalization
	at org.shredzone.acme4j.connector.DefaultConnection.throwAcmeException(DefaultConnection.java:548) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.performRequest(DefaultConnection.java:479) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:407) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.connector.DefaultConnection.sendSignedRequest(DefaultConnection.java:161) ~[acme4j-client-2.12.jar!/:na]
	at org.shredzone.acme4j.Order.execute(Order.java:166) ~[acme4j-client-2.12.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.finalizeOrder(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:435) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	at com.github.valb3r.letsencrypthelper.tomcat.TomcatWellKnownLetsEncryptChallengeEndpointConfig.updateCertificateAndKeystore(TomcatWellKnownLetsEncryptChallengeEndpointConfig.java:418) ~[letsencrypt-helper-tomcat-0.2.0.jar!/:na]
	... 3 common frames omitted

@valb3r
Owner

valb3r commented Dec 7, 2021

@bhoeferlin I've released 0.2.1 with better logging - it provides LetsEncrypt URLs with order/authorization status in the logs, which would describe an error better.

@bhoeferlin
Author

Thanks a lot - this helped very much. The first issue was that I forgot to remove the challenge endpoint from authentication. Another issue was the Thymeleaf template resolver. Had to return null in handleRequestInternal. Now it works great - thank you for all your effort - great project!!

@valb3r valb3r closed this as completed Dec 7, 2021
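
One way to exempt the challenge endpoint from authentication, the first cause the reporter names above. This is an added example, not code from letsencrypt-helper or from anyone in this thread. It assumes Spring Security 5.x (`WebSecurityConfigurerAdapter`), form login for the rest of the application, and that the challenge is served at the standard RFC 8555 HTTP-01 path; the class name is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; illustrative configuration only.
@Configuration
@EnableWebSecurity
public class AcmeChallengeSecurityConfig extends WebSecurityConfigurerAdapter {

    // RFC 8555 HTTP-01: the CA fetches
    // http://<domain>/.well-known/acme-challenge/<token> without credentials.
    // Assumption: the application serves the challenge at this standard path.
    private static final String ACME_CHALLENGE_PATH = "/.well-known/acme-challenge/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Failing setup, for comparison:
        //
        //   http.authorizeRequests().anyRequest().authenticated()
        //       .and().formLogin();
        //
        // The CA's validator then receives a login redirect or a 401 instead
        // of the key authorization, the authorization turns "invalid", and
        // finalization fails with: Order's status ("invalid") is not
        // acceptable for finalization.

        http.authorizeRequests()
                // Rules are evaluated in order and the first match wins, so
                // this exemption must precede anyRequest().
                // Only unauthenticated GET on the challenge path is opened;
                // nothing else under /.well-known/ is exposed.
                .antMatchers(HttpMethod.GET, ACME_CHALLENGE_PATH).permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin();
    }
}
```

Requesting a path under `/.well-known/acme-challenge/` over plain HTTP on port 80 without credentials should return neither a 401 nor a redirect to the login page once this is in place.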
@valb3r
Owner

valb3r commented Dec 7, 2021

@bhoeferlin Incorporated your feedback for Thymeleaf in 0.2.2
