My order is still pending

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: radek-test.zcom.cz

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):
Debian
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
PHP GitHub - yourivw/LEClient: An easy-to-use PHP ACME v2 client library, designed to be used with LetsEncrypt.

From the last week automatically generating certificates using DNS stopped working. Now I try to figure out where the problem is. I am able to create an order: https://acme-v02.api.letsencrypt.org/acme/order/124904777/9969343491
I am able to set TXT record:
_acme-challenge.radek-test.zcom.cz. 300 IN TXT "uEJ0Lp_CRTauuR-lHeU5a-DasOo7S_e_M_Gww42oUEg"
But the order is still pending. Why is that? Am I missing something?
If I call verifyPendingOrderAuthorization nothing happened. Still pending. How can I force LE to do the verification?
Thank you

1 Like

I changed the forum for this post from ClientDev to Help.

Your issue appears to either be a question about using this client, or a bug with it. I haven't seen issues regarding this client posted here before, so I think your best chance at getting help is to reach out to it's developers via GitHub issues. Someone here may know how to help, but your best option is going to be with that group.

You could also try using another client.

If an order is still "pending" it means there are still challenges left that have not been attempted. Orders switch to "ready" once all challenges have been successfully completed, or any challenge in the order has failed.

3 Likes

@jvanasco

I had just done the opposite. :upside_down_face:

1 Like

Solved. There was a problem in client.

2 Likes

Hi @totoropy
Is it possible for you to share what the issue actually was? Might be helpful for future readers of the forum!

3 Likes

We use PHP client GitHub - yourivw/LEClient: An easy-to-use PHP ACME v2 client library, designed to be used with LetsEncrypt.
There is a function checkDNSChallenge
LEClient/LEFunctions.php at ecb478774efd7f9db79e66c38c28bfa8014ac366 · yourivw/LEClient · GitHub
(not nicely handled quotes)
It suddenly stopped working properly. It always returns false. This prevents sending a request to LE API to verify pending orders. Thus orders are still pending. A workaround is turn the local check off.

1 Like

I'm interested to learn why LEClient suddenly fails to successfully check your DNS challenge?

Unfortunately I wasn't able to get LEClient working on my Gentoo system.. I'm not working with PHP that often any more and Composer isn't a regular thing on Gentoo systems, so I wasn't able to install it properly.. So I can't figure it out myself.

1 Like

the lines @totoropy pointed to for the checkDNSChallenge -- are making/parsing a google public-dns json response. i would throw some print statements in there, to see what their response is. that would probably help isolate the issue. perhaps their systems can't read the dns (for any reasons) or perhaps their json format changed?

1 Like

I would if I could :sob:

2 Likes

To me it looks like when they previously parsed the Google DNS query their object wrapped the answer value in quotes, which may have been a bug or a change in default behavior in PHPs json_decode - or their code just never worked. My last serious amount of development using PHP was in 1998, so I have no idea how it's supposed to handle JSON normally :slight_smile:

1 Like

My CertSage ACME client is written entirely in PHP. I wrote a wrapper around the stock JSON encode and decode functions to format correctly for the ACME transactions.

1 Like

Not sure why that PR has been closed and branch deleted? Seems that should have done the trick.

Although perhaps a trim() removing any quotes if applicable would be a more future proof system, might the quotes return again somehow :stuck_out_tongue:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.