I have a system which process many domains. Most often they go through without problems. Sometimes they fail for reasonable reasons, i.e. dns not pointed appropriately, etc.

Other times, I have no idea why a particular domain is failing. For example, with this domain:

www.divorcesourceapp.com

This is the response I receive
[{"msg":"Updating cert for www.divorcesourceapp.com, received err Error: Forbidden: {\n \"type\": \"urn:ietf:params:acme:error:orderNotReady\",\n \"detail\": \"Order's status (\\\"invalid\\\") is not acceptable for finalization\",\n \"status\": 403\n}, Error: Forbidden: {\n \"type\": \"urn:ietf:params:acme:error:orderNotReady\",\n \"detail\": \"Order's status (\\\"invalid\\\") is not acceptable for finalization\",\n \"status\": 403\n}\n at agent.post.type.send.catch.err (/var/task/src/acme/v2/sendSignedRequestV2.js:17:15)\n at <anonymous>\n at process._tickDomainCallback (internal/process/next_tick.js:228:7)","err":true}]

When I hit the status url, this is the output:
{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Expired authorization", "status": 404 }

Not sure what it means with “expired authorization”

Here is the challenge url: http://www.divorcesourceapp.com/.well-known/acme-challenge/DC1OqDIeTJfIXsFRrfNyRuOerDqt2tL67W9N-KKqNzk

Here is the status url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/891629786/R1pb7g

Any ideas?

Hi @agentfitz

that configuration is buggy - https://check-your-website.server-daten.de/?q=divorcesourceapp.com

There are ipv4- and ipv6 addresses:

But a lot of different answers - ipv4 answers with a 301, ipv6 with a 200 etc.

Looks like your ipv6 doesn't work -> fix your ipv6.

Same with your certificates - ipv6 has the correct certificate, ipv4 has a wrong cert 117photography.com.

Looks like your vHost configuration is broken.

Very helpful response, thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.