Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Docs are one way to learn. Another is to install Certbot and use it to get a cert. It has a very nice log of all the flows. Of course, that's just the good, normal flows. If you are writing a client you need to handle all the odd stuff too.
That's I believe just an undocumented "feature" to circumvent the "POST-as-GET" requirements for the /acme/ URLS, making debugging a lot easier.
That's just how the ACME protocol works. You trigger the finalization and after that, the finalize URL isn't useful any longer and you should go back to polling the order. Reading this RFC is unfortunately not very easy IMO. Information is spread out across different places. I believe the protocol could be more condensed, more "syntax" and less words..