Error when finalizing the order

Hi, we randomly get this error when finalizing the order…,.
Any idea what we are doing wrong?

Order for domains '["*.6ac05029-f23b.dev-serving.knative.dev.appdomain.cloud","*.6ac05029-f23b-4fea-b7b5-6cbce41161f2.dev-serving.knative.dev.appdomain.cloud"]' - CSR response status code: '403' and body '{"type":"urn:ietf:params:acme:error:orderNotReady","detail":"Order's status (\"valid\") is not acceptable for finalization","status":403}'

Thanks

But you can see that the status is valid: (\"valid\") is not acceptable for finalization

Yes, my bad.

valid is the state of the order after it has been finalized and the certificate has been issued (you can only finalize an order which is ready):

    pending --------------+
      |                  |
      | All authz        |
      | "valid"          |
      V                  |
    ready ---------------+
      |                  |
      | Receive          |
      | finalize         |
      | request          |
      V                  |
  processing ------------+
      |                  |
      | Certificate      | Error or
      | issued           | Authorization failure
      V                  V
    valid             invalid

                    State Transitions for Order Objects

So in your case, this would mean that you are trying to finalize the order more than once.

2 Likes

Thanks! i will check it…

Hi…so after finalizing the order…in most of the time the response for the finalizing will be a “valid” status and it will contains the certificate. but what if the response status is “processing” which api should i use to check the order status and get the certificate once the order become “valid”?

Thanks

Just fetch the order URL again, using a POST-as-GET request, and check the status field.

Usually, clients will do this in a loop, while they wait for the order status to transition to valid. It is also advisable to put a maximum timeout on your loop (say, a few minutes), in case the order gets stuck at the CA.

Once the status has transitioned to valid, the order will contain a certificate field, which is a URL that you may fetch (again, via POST-as-GET) to download the certificate chain.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.