Hi,
I am working on updating our internal ACME client to support the new ACME v2 protocol. However, I am running into an issue with orders being stuck in the “processing” state.
Here is an example order, with two (failed, invalid) authorizations:
https://acme-staging-v02.api.letsencrypt.org/acme/order/5443856/3128
Both authorizations are correctly flagged as invalid, however the order is forever in the processing status.
This is the response when I first attempted to finalize the order:
{'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Error finalizing order :: authorizations for these names not found or expired: eirikrye.no, www1.eirikrye.no', 'status': 403}
This is fair. However, I would expect this to change the status of my order from pending to invalid.
For subsequent requests to finalize the order, I receive this response:
{'type': 'urn:ietf:params:acme:error:malformed', 'detail': 'Order\'s status ("processing") was not pending', 'status': 400}
According to the ACME specification, a status of processing means:
The server agrees that the requirements have been
fulfilled, and is in the process of generating the certificate.
Retry after the time given in the “Retry-After” header field of
the response, if any.
This is obviously incorrect in the case for this order as the authorizations have both failed, and the requirements have not been fulfilled. The expected status for this order would be invalid.
The problem this causes is that it is impossible for the same account to create a new order for the same identifiers, as a newOrder request will only return the same (processing) order.