Error finalizing order (500 Internal Server Error)

ClayRabbit · July 5, 2018, 2:40pm

Hello

We have issues with renewing certificate for one of the domains (stagira.ru)

We are using DirectAdmin control panel, so I created topic here: https://forum.directadmin.com/showthread.php?t=56539 but still no help.

As I can see final request to acme-v02.api.letsencrypt.org/acme/finalize/… is failed with 500 Internal Server Error and “Error finalizing order” message without any additional details.

What is the cause of this error?

Thank you.

JuergenAuer · July 5, 2018, 4:25pm

Hi @ClayRabbit

normally, I would say: http-status 500 - temporary - try it again. But there

On the next day renew failed with "Error finalizing order":
And this is repeating every day for 16 days already.

Looks like your client is buggy creating the finalize-command.

Boulder-Requester: 35454940

Is there a client-update of DirectAdmin? Or is it possible to use a client like Certbot?

cpu · July 5, 2018, 4:56pm

Hi @ClayRabbit, apologies for the difficulty you're encountering. I'll look into this - I believe it is a bug on our side.

I don't believe the problem is related to DirectAdmin.

Thanks for your patience, I will reply with more information when I can.

cpu · July 5, 2018, 5:39pm

Hi again @clayrabbit,

I can confirm this is a bug on our side. In a nutshell one of your ACME account's authorizations managed to get into a stuck state. We're going to look at addressing the bug that caused this so it won't happen again but in the meantime I have some advice to get you "unstuck".

Do you know if its possible to create a new ACME account using DirectAdmin? If you can reset your Let's Encrypt state, create a new ACME account, and reissue your certificates with that account you should be able to continue without error.

You will also become automatically "unstuck" 2018-07-12 at 21:43:19 UTC but I think we can find a solution for you before then.

Again, apologies for the inconvenience!

ClayRabbit · July 6, 2018, 5:54am

I see. Thank you. I’ll wait for your fix or for cert expiration on 2018-07-12 in worst case.
Currently I don’t know how to create a new ACME account using directadmin, so I’ll ask in forum.directadmin.com thread.

_az · July 6, 2018, 6:11am

Check this thread out - Troubleshooting Let's Encrypt Errors | Directadmin Docs

/usr/local/directadmin/data/users/username/letsencrypt.key

This is your ACME account key. If you move it out of this directory, DirectAdmin should regenerate it for you (by creating a new ACME account) next time you try to issue a certificate.

system · August 5, 2018, 6:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.