Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: redirector.tst.wifi.kpn.com
I ran this command: IOrderContect.Finalize
It produced this output:
Abort Process - Certificate creation failed with message [Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/finalize/1638122827/517630389956'.
urn:ietf:params:acme:error:unauthorized: Error finalizing order :: authorizations for these identifiers not valid: redirector.tst.wifi.kpn.com].
We were able to create certificates just fine until today
what authz page for that identifier says?
https://acme-v02.api.letsencrypt.org/acme/authz/[something]/[something]
(find it from log)
POST /acme/finalize/1638122827/517630389956
returns a resultcode 403.
We are abel to create an order with our credentials en until today finalizing an order was working fime as well.
you are trying to finalize cetificate without actually doing the challenge, so your acme client is broken-ish but I'm more interested why challenge failed
We are using a C# application (function App) to generate our certificates.
This is the challenge.
https://acme-v02.api.letsencrypt.org/acme/chall/1638122827/715428649516/lmfZEw
{
}
did you find anything under /acme/order/1638122827 ?
Hi, we are hitting same issue, verification passes but when signing certificate:
Url: https://acme-v02.api.letsencrypt.org/acme/finalize/3138291237/517654982526
Response Code: 404
Response: {'type': 'urn:ietf:params:acme:error:malformed', 'detail': 'No order for ID 517654982526', 'status': 404}
It'd need jws signed by you account key with valid nonce. You may hit some race condition an try again with you client may wotk
We tried again.
We now receive another error.
POST /certificates/redirector-tst-wifi-kpn-com/create
returns a 409 (conflict)
An invalid request URI was provided. Either the request URI must be an absolute URI or BaseAddress must be set.
do you happen to have source code of that C# thing?
We haven't changed anything on our site. And with the same code we were able to generate certificates today.
6/3/2026, 9:05:56.494 AM Certificate with name: ottbrokerapi-dev-ott-kpn-com. Status: Created
6/3/2026, 9:03:37.236 AM Certificate with name: internet-veilig-tst-kpn-com. Status: Created
6/3/2026, 9:02:21.527 AM Certificate with name: disney--api-dev-ott-kpn-com. Status: Created
After 9:07 CET we receive errors
6/3/2026, 11:48:06.255 AM exception
6/3/2026, 9:41:48.704 AM exception
6/3/2026, 9:07:17.279 AM exception
6/3/2026, 9:07:08.530 AM exception
6/3/2026, 9:07:05.049 AM exception
6/3/2026, 9:07:02.643 AM exception
Yes I have the source code.
looks like Error renewing certificates, Error finalizing order :: authorizations for these identifiers not found: have same problem:
I personall think this is some kind of database out of sync type of thing, but last boulder version update as may 29th so have no idea.
I think this sould be some service related problem, but it seems we all are unable to renew-create certificates right now. How can we reach the system administrators?
I have contacted LE staff to look into things. (1)
We successfully created seven certificates during the automated process this morning. The issue appears to be resolved.