One host out of three keeps getting stuck in pending

We use our own client and it works well almost all of the time. However, I have one recent domain that I can’t seem to figure out. The cert is for sheboygan.wiki, www.sheboygan.wiki, and ftp.sheboygan.wiki. For some reason the authorization for www.sheboygan.wiki gets stuck in the pending state infinitely while the other two validate normally.

Can’t figure this out for the life of me. Any help would be wonderful. Thanks.

Hi @oborseth,

Does your custom client look at the individual challenge state to determine when the authorization is ready, or the overall authorization state? If it’s the former you might be running into this Boulder bug we identified yesterday. If that’s the case I recommend switching to checking the authorization state instead of the challenge state in the short-term while the bug is addressed.

Thank you for your response. We look at only the DNS challenge as that’s
all we do. I saw that post and wondered about that. Given this:
https://acme-v01.api.letsencrypt.org/acme/authz/CUHBFNOdRbU16Z1P35_ipMSisA_TcVkn-9H5Xv8vkKM

1 Like

Yup, this looks like an instance of Boulder issue #3346. Apologies

Your client should be able to operate on the top level authorization status short-term, which in this case is the correct “valid” state despite the challenges being recorded as pending.

Great, thanks. Fixed on our side and all looks well :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.