Order Invalid after DNS verification

Gowebsmarty · July 27, 2021, 12:31pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: prettyplanter.co.uk

I ran this command:
Using PHP client - GitHub - yourivw/LEClient: An easy-to-use PHP ACME v2 client library, designed to be used with LetsEncrypt.
Initiated new order for Wildcard SSL, fetched authorizations , updated DNS records and getting order invalid when trying to finalize the order

It produced this output:
Initial call works fine as below

[27-07-2021 12:15:52] :
{"request":"GET https:\/\/acme-staging-v02.api.letsencrypt.org\/directory","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 724\r\ncache-control: public, max-age=0, no-cache\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"fzStzA3C8z0":"https:\/\/community.letsencrypt.org\/t\/adding-random-entries-to-the-directory\/33417","keyChange":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/key-change","meta":{"caaIdentities":["letsencrypt.org"],"termsOfService":"https:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf","website":"https:\/\/letsencrypt.org\/docs\/staging-environment\/"},"newAccount":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","newNonce":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","newOrder":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","revokeCert":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/revoke-cert"}}

[27-07-2021 12:15:53] :
{"request":"HEAD https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:53 GMT\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0002X_lDBF0MeIhMuCjP7Bq3g6wZPxIkpTgcM8FvgMGbljs\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":""}

[27-07-2021 12:15:53] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:53 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118\r\nreplay-nonce: 0001EHa2R5-PcuCpA180bB6LqBVfbzG51Y_Gv6kgtHAjwss\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:15:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"terms-of-service\"\r\nreplay-nonce: 0001wm47HDL8MHoZG_z2TgSNCTAgHXFRnRKr9s0Zexu30UI\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:15:54] :
"LEClient finished constructing"

[27-07-2021 12:15:55] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160477728","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:55 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 000112uSZZP77F7-W4dTkgE1FXkTMoV_Cni1aqCzdxzYdyo\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"status":"invalid","expires":"2021-08-03T11:55:09Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142610688","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142610698"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160477728"}}

[27-07-2021 12:15:55] :
"Order data for 'prettyplanter.co.uk' invalid. Deleting order data and creating new order."

[27-07-2021 12:15:55] :
"Order Domains - [\"prettyplanter.co.uk\",\"*.prettyplanter.co.uk\"]"

[27-07-2021 12:15:55] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","header":"HTTP\/2 201 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:55 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160597648\r\nreplay-nonce: 0002gqpHLCkSa-b6rBbUna0AucS4wNWVYaCfs3VZ0kv5lDg\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":201,"body":{"status":"pending","expires":"2021-08-03T12:15:55Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160597648"}}

[27-07-2021 12:15:55] :
"Identifiers - [{\"type\":\"dns\",\"value\":\"*.prettyplanter.co.uk\"},{\"type\":\"dns\",\"value\":\"prettyplanter.co.uk\"}]"

[27-07-2021 12:15:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 398\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001A_unWCJQqBoE7CF-37o3Bb3ijliNXCMrM5zwqUlTfPg\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:15:55Z","challenges":[{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720058\/6vLdWw","token":"EDYUC-79ixFjc3nN5NRUmi7C4fVGxvi3wNmiQCnbmZA"}],"wildcard":true}}

[27-07-2021 12:15:57] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 818\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001v5a0Etdtd3o0XjlEhZoPsc6R257YJQ1ukznBT6AdgqQ\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:15:55Z","challenges":[{"type":"http-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/iFtEwg","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"},{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/Ezo-IQ","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"},{"type":"tls-alpn-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/QrEqIA","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"}]}}

[27-07-2021 12:15:57] :
"Created order for 'prettyplanter.co.uk'."

Second attempt to finalize the order results in below error:

Local check - All DNS challenges verified

[27-07-2021 12:28:49] :
{"request":"GET https:\/\/acme-staging-v02.api.letsencrypt.org\/directory","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:49 GMT\r\ncontent-type: application\/json\r\ncontent-length: 724\r\ncache-control: public, max-age=0, no-cache\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"Z-9vzPa4FYc":"https:\/\/community.letsencrypt.org\/t\/adding-random-entries-to-the-directory\/33417","keyChange":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/key-change","meta":{"caaIdentities":["letsencrypt.org"],"termsOfService":"https:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf","website":"https:\/\/letsencrypt.org\/docs\/staging-environment\/"},"newAccount":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","newNonce":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","newOrder":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","revokeCert":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/revoke-cert"}}

[27-07-2021 12:28:50] :
{"request":"HEAD https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:50 GMT\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001yqtBGHhiGgPgI301wAvPjAdd3RtvJzoe6pfJrR5smkU\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":""}

[27-07-2021 12:28:50] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:50 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118\r\nreplay-nonce: 0001hziPjtIU-KvvbIAh1kOy-b6rP0NKvNVQsRKsx-CjIv8\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:28:51] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:51 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"terms-of-service\"\r\nreplay-nonce: 0002E4SlWjRLlZaPVFKQx4bXueCL8pPYoBwc9Q6s4sEzqSw\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:28:51] :
"LEClient finished constructing"

[27-07-2021 12:28:52] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160597648","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001ou1vnU26E5m27MvfDID441YNgYqEYMpGoO0j6UN511s\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"status":"invalid","expires":"2021-08-03T12:15:55Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160597648"}}

[27-07-2021 12:28:52] :
"Order data for 'prettyplanter.co.uk' invalid. Deleting order data and creating new order."

[27-07-2021 12:28:52] :
"Order Domains - [\"prettyplanter.co.uk\",\"*.prettyplanter.co.uk\"]"

[27-07-2021 12:28:52] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","header":"HTTP\/2 201 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160674948\r\nreplay-nonce: 0001FCtUBDG-o8Bqp1JSqkbWxYtIz4DgexKjsNIH_sAX0L4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":201,"body":{"status":"pending","expires":"2021-08-03T12:28:52Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160674948"}}

[27-07-2021 12:28:53] :
"Identifiers - [{\"type\":\"dns\",\"value\":\"*.prettyplanter.co.uk\"},{\"type\":\"dns\",\"value\":\"prettyplanter.co.uk\"}]"

[27-07-2021 12:28:53] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:53 GMT\r\ncontent-type: application\/json\r\ncontent-length: 398\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001REwIPQe3uQTJx72hZvZiSJoID2Hr7JKFL9Tdby4WTpI\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY"}],"wildcard":true}}

[27-07-2021 12:28:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 818\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 00028BmEIT7KunP49g_ZQp7duQiZBNjCKYRqWdH3GiiGDak\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"http-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/gN3o0Q","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"},{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"},{"type":"tls-alpn-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/bMQvcg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"}]}}

[27-07-2021 12:28:54] :
"Created order for 'prettyplanter.co.uk'."

[27-07-2021 12:28:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 191\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"up\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg\r\nreplay-nonce: 00027-Rs-i6i0z0T9zbb6SngR2f8pLvBFeI_zsqjUSEsm-4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY"}}

[27-07-2021 12:28:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 697\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001vNsNt_4fLU7JXqYEV4eEJFJapofPajAObs25CcPnSW4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"invalid","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"8B1eOawyHxOj2VujChilavtWQ6VuEivAZsgwHbuQ_hE\" (and 23 more) found at _acme-challenge.prettyplanter.co.uk","status":403},"url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY","validated":"2021-07-27T12:28:54Z"}],"wildcard":true}}

[27-07-2021 12:28:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 191\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"up\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg\r\nreplay-nonce: 0001Aap421P78K9gK2hYrZAPssQiejbLp2meT5l6JpSb-gA\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"}}

[27-07-2021 12:28:58] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:58 GMT\r\ncontent-type: application\/json\r\ncontent-length: 677\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0002iW3uhwGErbs591bD4mmBAuvhNCJq9ccMjeo1YJvHVoA\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"invalid","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"usawkP4jWc-65Zu0MNNJuBJn0ntUE2mBlo8lER6mvJo\" (and 23 more) found at _acme-challenge.prettyplanter.co.uk","status":403},"url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA","validated":"2021-07-27T12:28:56Z"}]}}

Why is the order data getting INVALID? Can someone please point me in the right direction.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

griffin · July 28, 2021, 7:27am

Welcome Back to the Let's Encrypt Community, Shyam

DNS TXT records for dns-01 authorization are only used once for validation and should be deleted immediately afterwards. Please remove every TXT record with host _acme-challenge.prettyplanter.co.uk from the DNS zone for prettyplanter.co.uk then try again.

Gowebsmarty · July 29, 2021, 11:21am

If that's the case, shouldn't it say DNS verification failed?. I'm thinking why it says order invalid. This have happened several times on different domains. Does above debug log show if anything changed in the order? the identifiers are still same in secondary request too after adding the required DNS records.

griffin · July 30, 2021, 12:19am

I finally got to thoroughly analyze your debug output posted above.

This part:

is likely due to using a previous (invalid) order rather than submitting a new order right after (unnecessarily) creating a new ACME account. My evidence of this is a POST request right before the aforementioned error message that is submitted to:

rather than:

You can see this follows the error:

which is then followed by:

It makes no sense to create a new ACME account every time. It makes even less sense to resume an old, invalidated order.

The second new order is being invalidated as a result of the excessive amount of existing TXT records. It's like submitting 29 passwords to login to your bank's website for two different accounts. Needless to say, both dns-01 validations failed.

Gowebsmarty · July 30, 2021, 3:18pm

Hi Griffin,

Really appreciate your time and all your help..

I have enclosed 2 logs in my question i.e., A new account and new order is created in very **first **
attempt, then the domain verification challenges are retrieved.

In this second attempt, we are retrieving already created account and already created order, in order to verify the existing challenges. I guess we are not really creating new client or new order in second attempt. If we create new order after adding the DNS, doesn't it generate new set of verification challenges instead of allowing us to complete the already retrieved challenges?. Please let us know if there anything wrong in this flow..

Anyhow, I agree that order getting invalid in second attempt due to too many TXT records. Does order invalid status refers to failed DNS verification?

jvanasco · July 30, 2021, 4:01pm

Maybe.

LetsEncrypt has an optimization - it will cache a successful challenge verification with a given account for a few days. This doesn't persist across accounts.

If you request a certificate for 2 domains, you're given 2 challenges. If the first one succeeds, but the second one fails... if the same account tries to get the certificate within the cache window, it will only be presented with one acme challenge.

griffin · July 30, 2021, 10:55pm

You are quite welcome.

The ACME account already existed ("createdAt":"2021-07-27T11:55:07Z") prior to the creation attempt shown in the first log.

Allow me to demonstrate what's really happening with annotations...

First log:

GET ACME DIRECTORY:

[27-07-2021 12:15:52] :
{"request":"GET https:\/\/acme-staging-v02.api.letsencrypt.org\/directory","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 724\r\ncache-control: public, max-age=0, no-cache\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"fzStzA3C8z0":"https:\/\/community.letsencrypt.org\/t\/adding-random-entries-to-the-directory\/33417","keyChange":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/key-change","meta":{"caaIdentities":["letsencrypt.org"],"termsOfService":"https:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf","website":"https:\/\/letsencrypt.org\/docs\/staging-environment\/"},"newAccount":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","newNonce":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","newOrder":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","revokeCert":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/revoke-cert"}}

GET NEW NONCE:

[27-07-2021 12:15:53] :
{"request":"HEAD https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:53 GMT\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0002X_lDBF0MeIhMuCjP7Bq3g6wZPxIkpTgcM8FvgMGbljs\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":""}

ATTEMPT TO CREATE NEW ACCOUNT 21225118:

[27-07-2021 12:15:53] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:53 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118\r\nreplay-nonce: 0001EHa2R5-PcuCpA180bB6LqBVfbzG51Y_Gv6kgtHAjwss\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

ATTEMPT TO UPDATE ACCOUNT 21225118 WITH SAME INFORMATION:

[27-07-2021 12:15:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"terms-of-service\"\r\nreplay-nonce: 0001wm47HDL8MHoZG_z2TgSNCTAgHXFRnRKr9s0Zexu30UI\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:15:54] :
"LEClient finished constructing"

RETRIEVE INVALID ORDER 160477728:

[27-07-2021 12:15:55] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160477728","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:55 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 000112uSZZP77F7-W4dTkgE1FXkTMoV_Cni1aqCzdxzYdyo\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"status":"invalid","expires":"2021-08-03T11:55:09Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142610688","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142610698"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160477728"}}

[27-07-2021 12:15:55] :
"Order data for 'prettyplanter.co.uk' invalid. Deleting order data and creating new order."

[27-07-2021 12:15:55] :
"Order Domains - [\"prettyplanter.co.uk\",\"*.prettyplanter.co.uk\"]"

CREATE NEW ORDER 160597648:

[27-07-2021 12:15:55] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","header":"HTTP\/2 201 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:55 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160597648\r\nreplay-nonce: 0002gqpHLCkSa-b6rBbUna0AucS4wNWVYaCfs3VZ0kv5lDg\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":201,"body":{"status":"pending","expires":"2021-08-03T12:15:55Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160597648"}}

[27-07-2021 12:15:55] :
"Identifiers - [{\"type\":\"dns\",\"value\":\"*.prettyplanter.co.uk\"},{\"type\":\"dns\",\"value\":\"prettyplanter.co.uk\"}]"

RETRIEVE AUTHORIZATION STATUS FOR *.prettyplanter.co.uk:

[27-07-2021 12:15:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 398\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001A_unWCJQqBoE7CF-37o3Bb3ijliNXCMrM5zwqUlTfPg\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:15:55Z","challenges":[{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720058\/6vLdWw","token":"EDYUC-79ixFjc3nN5NRUmi7C4fVGxvi3wNmiQCnbmZA"}],"wildcard":true}}

RETRIEVE AUTHORIZATION STATUS FOR prettyplanter.co.uk:

[27-07-2021 12:15:57] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:15:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 818\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001v5a0Etdtd3o0XjlEhZoPsc6R257YJQ1ukznBT6AdgqQ\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:15:55Z","challenges":[{"type":"http-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/iFtEwg","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"},{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/Ezo-IQ","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"},{"type":"tls-alpn-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142720068\/QrEqIA","token":"6zj7ImEkWvqvCTBNKqk-wMNd3Ge9d9VDW-kl9pJ5FhI"}]}}

[27-07-2021 12:15:57] :
"Created order for 'prettyplanter.co.uk'."

Second log:

Local check - All DNS challenges verified

GET ACME DIRECTORY:

[27-07-2021 12:28:49] :
{"request":"GET https:\/\/acme-staging-v02.api.letsencrypt.org\/directory","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:49 GMT\r\ncontent-type: application\/json\r\ncontent-length: 724\r\ncache-control: public, max-age=0, no-cache\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"Z-9vzPa4FYc":"https:\/\/community.letsencrypt.org\/t\/adding-random-entries-to-the-directory\/33417","keyChange":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/key-change","meta":{"caaIdentities":["letsencrypt.org"],"termsOfService":"https:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf","website":"https:\/\/letsencrypt.org\/docs\/staging-environment\/"},"newAccount":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","newNonce":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","newOrder":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","revokeCert":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/revoke-cert"}}

GET NEW NONCE:

[27-07-2021 12:28:50] :
{"request":"HEAD https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-nonce","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:50 GMT\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001yqtBGHhiGgPgI301wAvPjAdd3RtvJzoe6pfJrR5smkU\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":""}

ATTEMPT TO CREATE NEW ACCOUNT 21225118:

[27-07-2021 12:28:50] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-acct","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:50 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118\r\nreplay-nonce: 0001hziPjtIU-KvvbIAh1kOy-b6rP0NKvNVQsRKsx-CjIv8\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

ATTEMPT TO UPDATE ACCOUNT 21225118 WITH SAME INFORMATION:

[27-07-2021 12:28:51] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/acct\/21225118","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:51 GMT\r\ncontent-type: application\/json\r\ncontent-length: 891\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"terms-of-service\"\r\nreplay-nonce: 0002E4SlWjRLlZaPVFKQx4bXueCL8pPYoBwc9Q6s4sEzqSw\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"key":{"kty":"RSA","n":"xaZMxoDzXvEH85trb4pBxr3AYvDl_Of6Nw82FNO4eJ3X-ybDnUb7cDEEggKOC9GNfFpVkhDMmDxezbcPin4ik31ttI4nUwkeGPLBOsD9MR_CI_offAkQj0l_18SDsIFvFjjkbCk_tIct6WU5_1QcdkPDCY6JRDRXC6X5OG2I6_8BkFqHhoikk-B6QqeItk1RayaxJ3DrP6L_6mfthuVdcS6_rK5Rc0iW7Frck3Dr28LA_T75f4LbXBvMlX-ELJhWrhP4w1NJyTlZzFF0UM9IdTntNoTPI2rboIWt6XUcnaDl7FDVoOOW9PjlOqKLix2cwT4OmwTbv6-1QEfOIODYLEZjZvYb7HJ65USGIUdKSlkzap4XmuZ7hWXw0DsyRmKdgd_Q2NlUSY6BnhvQ--s_OaR_ptsWKJ0LnHbEHvgYpatvKXXeCVO8pisi6z2yOpbCvO2p8LPop-hzzmlOvzNInv8_mxBjcQUpibYHnKFd6BFuTqnXiyARYueVHSNeOj_U9bAUA4Pfyfg4UFugmPpXk7edLE30DFWALWENaN114DLFYRDUxD-KXrPggYo7sb3-3z794sLFoeWw72c2oOAqbKt_jPnXKyEFfEwy1nHlSjSWgeKq_wQN6wwN35v2Prrpxo55sOfIAyAJixy4Q8KE2ksW0aY9Uq-uOS0FtpKFDX8","e":"AQAB"},"contact":["mailto:testest@gmail.com"],"initialIp":"188.121.57.46","createdAt":"2021-07-27T11:55:07Z","status":"valid"}}

[27-07-2021 12:28:51] :
"LEClient finished constructing"

RETRIEVE INVALID ORDER 160597648:

[27-07-2021 12:28:52] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160597648","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001ou1vnU26E5m27MvfDID441YNgYqEYMpGoO0j6UN511s\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"status":"invalid","expires":"2021-08-03T12:15:55Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720058","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142720068"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160597648"}}

[27-07-2021 12:28:52] :
"Order data for 'prettyplanter.co.uk' invalid. Deleting order data and creating new order."

[27-07-2021 12:28:52] :
"Order Domains - [\"prettyplanter.co.uk\",\"*.prettyplanter.co.uk\"]"

CREATE NEW ORDER 160674948:

[27-07-2021 12:28:52] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/new-order","header":"HTTP\/2 201 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:52 GMT\r\ncontent-type: application\/json\r\ncontent-length: 502\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/order\/21225118\/160674948\r\nreplay-nonce: 0001FCtUBDG-o8Bqp1JSqkbWxYtIz4DgexKjsNIH_sAX0L4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":201,"body":{"status":"pending","expires":"2021-08-03T12:28:52Z","identifiers":[{"type":"dns","value":"*.prettyplanter.co.uk"},{"type":"dns","value":"prettyplanter.co.uk"}],"authorizations":["https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938"],"finalize":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/finalize\/21225118\/160674948"}}

[27-07-2021 12:28:53] :
"Identifiers - [{\"type\":\"dns\",\"value\":\"*.prettyplanter.co.uk\"},{\"type\":\"dns\",\"value\":\"prettyplanter.co.uk\"}]"

RETRIEVE AUTHORIZATION STATUS FOR *.prettyplanter.co.uk:

[27-07-2021 12:28:53] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:53 GMT\r\ncontent-type: application\/json\r\ncontent-length: 398\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001REwIPQe3uQTJx72hZvZiSJoID2Hr7JKFL9Tdby4WTpI\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY"}],"wildcard":true}}

RETRIEVE AUTHORIZATION STATUS FOR prettyplanter.co.uk:

[27-07-2021 12:28:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 818\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 00028BmEIT7KunP49g_ZQp7duQiZBNjCKYRqWdH3GiiGDak\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"pending","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"http-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/gN3o0Q","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"},{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"},{"type":"tls-alpn-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/bMQvcg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"}]}}

[27-07-2021 12:28:54] :
"Created order for 'prettyplanter.co.uk'."

REQUEST DNS-01 VERIFICATION FOR *.prettyplanter.co.uk:

[27-07-2021 12:28:54] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:54 GMT\r\ncontent-type: application\/json\r\ncontent-length: 191\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"up\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg\r\nreplay-nonce: 00027-Rs-i6i0z0T9zbb6SngR2f8pLvBFeI_zsqjUSEsm-4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY"}}

RETRIEVE INVALID AUTHORIZATION STATUS FOR *.prettyplanter.co.uk:

[27-07-2021 12:28:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791928","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 697\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0001vNsNt_4fLU7JXqYEV4eEJFJapofPajAObs25CcPnSW4\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"invalid","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"8B1eOawyHxOj2VujChilavtWQ6VuEivAZsgwHbuQ_hE\" (and 23 more) found at _acme-challenge.prettyplanter.co.uk","status":403},"url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791928\/b-0YAg","token":"Am-bbbGMMH0afGVZ4UCizfMOOopqmEtczTEy8rkbhpY","validated":"2021-07-27T12:28:54Z"}],"wildcard":true}}

REQUEST DNS-01 VERIFICATION FOR prettyplanter.co.uk:

[27-07-2021 12:28:56] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:56 GMT\r\ncontent-type: application\/json\r\ncontent-length: 191\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nlink: ;rel=\"up\"\r\nlocation: https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg\r\nreplay-nonce: 0001Aap421P78K9gK2hYrZAPssQiejbLp2meT5l6JpSb-gA\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"type":"dns-01","status":"pending","url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA"}}

RETRIEVE INVALID AUTHORIZATION STATUS FOR prettyplanter.co.uk:

[27-07-2021 12:28:58] :
{"request":"POST https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/authz-v3\/142791938","header":"HTTP\/2 200 \r\nserver: nginx\r\ndate: Tue, 27 Jul 2021 12:28:58 GMT\r\ncontent-type: application\/json\r\ncontent-length: 677\r\nboulder-requester: 21225118\r\ncache-control: public, max-age=0, no-cache\r\nlink: ;rel=\"index\"\r\nreplay-nonce: 0002iW3uhwGErbs591bD4mmBAuvhNCJq9ccMjeo1YJvHVoA\r\nx-frame-options: DENY\r\nstrict-transport-security: max-age=604800\r\n\r\n","status":200,"body":{"identifier":{"type":"dns","value":"prettyplanter.co.uk"},"status":"invalid","expires":"2021-08-03T12:28:52Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"usawkP4jWc-65Zu0MNNJuBJn0ntUE2mBlo8lER6mvJo\" (and 23 more) found at _acme-challenge.prettyplanter.co.uk","status":403},"url":"https:\/\/acme-staging-v02.api.letsencrypt.org\/acme\/chall-v3\/142791938\/jwVcVg","token":"5ZGk-v8sqv6LDlyW2SnqYk1cSHsBRDROlK8mSg3OElA","validated":"2021-07-27T12:28:56Z"}]}}

system · August 29, 2021, 10:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"status": "invalid", Help	3	134	August 13, 2024
Invalid response from https://acme-v02.api.letsencrypt.org Help	3	22197	December 16, 2019
Order's status (\"invalid\") is not acceptable for finalization Help	3	1122	June 8, 2021
403: Order's status ("invalid") is not acceptable for finalization Help	7	799	August 9, 2023
Server response (403) on Finalize order Help	4	808	August 14, 2024

Order Invalid after DNS verification

Related topics