I am trying to generate certificate but it throws error like "Can not finalize order with status ‘Invalid’."What can be an issue?please guide
What ACME client are you using? Can you show us exactly what it is doing, including the code and logs?
What happened to the order? Why is it invalid? Why is the client trying to use it anyway?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
My domain is: macintoshelectronics.net
I ran this command:
var cert = await order.Generate(new CsrInfo
{
CountryName = “CA”,
State = “Ontario”,
Locality = “Toronto”,
Organization = “Certes”,
OrganizationUnit = “Dev”,
//CommonName = “www.certes-ci.dymetis.com”,
CommonName = “macintoshelectronics.net”,
}, privateKey);
It produced this output:it thows error.–>Can not finalize order with status ‘Invalid
Hi @gititmsc
that says: Your client code is buggy.
The code tries to finalize an order, but doesn't check if the challenge is valid.
Invalid challenge -> the order can't finalize.
So check your protocol / client to find the correct error message.
Hi,
Can you tell me what is client code?
That's the code you use.
One other question is how you decided to write this code yourself. It looks kind of like something that's more suited for a different certificate authority; for example, Let's Encrypt never includes any of these fields in its issued certificates and requesting them has no benefit.
Would it be possible for you to use an existing complete client instead of writing your own code to request certificates from Let's Encrypt?
Hi,
I am passsing below as client code.for my domain name.still getting same error.Can you please guide?
var cert = await order.Generate(new CsrInfo
{
CountryName = “IND”,
State = “Gujarat”,
Locality = “Ahmedabad”,
Organization = “ITMusketeers”,
OrganizationUnit = “ITMusketeers”,
CommonName = “www.itmusketeers.com”,
}, privateKey);
It looks like @gititmsc is following this recipe
in the Certes documentation.
@gititmsc, how did you decide to use Certes and write your own code for certificate issuance? Could your application use a complete stand-alone client instead?
Also, presumably there must be much more certificate-related code if you’re following that recipe. If you’re committed to following this approach, can you show us all of the code that you’ve adapted for working with Certes? In order to achieve certificate issuance, you would need to implement all of the parts that appear on the page. From what you’ve shown us so far, it’s not clear if you’ve done that or if you’ve just to run the certificate issuance code in isolation without performing the rest of the API flow.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.